10-23-2009 02:53 AM - edited 03-10-2019 04:45 PM
Guys we have acs 4.2 installed ...as it was a single point of failure we have another server now running as a redundant server in a datacentre....all the configs has been done already but the authentication is not been done the server is getting replication from primary and there is no rpoblem but this certificate thing is not installed on ACS....i have tried to look few doco...but sorry to say couldnt find even one doco which tells me how to do that.....the problem is that both the servers are running windows 2003 and they are domain contollers which are not running IIS......and the ACS version is 4.2........i have spend ages but couldnt find the way how to do on windows 2003 running as a domain controller and ACS 4.2 installed on it..........can some one please tell me the way out
10-23-2009 03:47 AM
Hi,
I went through your post. I'm only unsure about one thing that would you like to make the same servers certificate authorities where we have acs installed
Anyways, I'm giving you info about both the options:
==## Configuring your Win 2003 server for an Enterprise Root Certification Authority ##==
http://technet.microsoft.com/en-us/library/cc700804.aspx#XSLTsection123121120120
==## In order to get certificate from CA and get it installed in ACS version 4.2##==
You may go through the attached PDF CONSITS ACS CERTIFICATE SCREEN SHOTS)
10-23-2009 06:59 AM
Thanks for your email......now th escreen shots you have send are amazing but as i have mentioned there is no IIS installed so i cant go to ceriotificate authority home page point no 1....second point is i have no idea abt this certificate thing as on primary ACS when you go to global authentication there is chap2 and m something checked on a very top........even though after replication the box is uncheked ......when i try to check the box and did submit it says that certificate is not installed.....now can you please guide me which certificate its talking abt.....i am getting nuts with this ACS......its so hard and complex......last time when i did replication it was issing some info then some one told me that i can to check NAP....rather then other box (which i dont rem) after doing that i got all the groups (actually its not the groups) it was like domain stuff.........both servers are in different datacentres....dude can you help me out as i am really struggling
10-23-2009 03:50 AM
Hi,
I went through your post. I'm only unsure about one thing that would you like to make the same servers certificate authorities where we have acs installed
Anyways, I'm giving you info about both the options:
==## Configuring your Win 2003 server for an Enterprise Root Certification Authority ##==
http://technet.microsoft.com/en-us/library/cc700804.aspx#XSLTsection123121120120
==## In order to get certificate from CA and get it installed in ACS version 4.2##==
You may go through the attached PDF CONSITS ACS CERTIFICATE SCREEN SHOTS)
10-23-2009 07:40 AM
Hi,
Follow this doc to install self-signed cert. Once you install the cert than go to system configuration > global authentication setup > check peap mschapv2
http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration
_example09186a0080545a29.shtml#t14
You don't need IIS for this but if you still want here is the link:
HTH
JK
Plz rate the helpfuls posts-
10-27-2009 10:47 PM
Thanks for your help now tell me one thing in which case we use self-sign certificate in ACS and in which scenario we use server to make a certificate and then import in acs....i am very confuse regarding this concept......the wirless doesnt use any certificate all ACS is doing in our scenario that it is doing authentoicated the credintials of wirless (username and password) from a windows AD 2003 server......here i have to mention again that windows 2003 is a domain contoller.......so in this scenario which option shd we go for.....there is already a server primary one installed.....is there any way to check that what kind of certificate it is using....i tried my best but couldnt find it.........thanks again
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: