Solved: ACS 4.2 Cert Domain Name or IP

michael.m.williams · ‎12-02-2008

I was using a self sign certin my ACS 4.2 and then just advised sour students to unckeck "Validate Server Certificate", but some usere wanting to use there phone have a default setting to verify the cert before establishing a connection and so we have decided to install a valid 3rd party certificate to solve this issue and save the help desk folks numerous callls. In the ACS when you generate a cert request you can use the domain name of the ACS in the request. Would it be better to use the IP of the ACS in this process or should I use the Domain name? I want to make sure we provide the correct info when we request a cert.

Thanks

mike

andrew.brazier · ‎12-11-2008

Use the domain name of the ACS server. Buying in a cert is a far better idea than using self-signed. The cost (which is pretty low anyway) is more than offset by the reduction in support calls!

View solution in original post

irisrios · ‎12-08-2008

You can use ACS to generate a self-signed digital certificate to use for the PEAP authentication protocol or HTTPS support of ACS administration. This capability supports TLS/SSL protocols and technologies without the requirement of interacting with a CA.

Refer the below URL to know about â€œ using self-signed certificateâ€:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/SCAuth.html#wp327462

andrew.brazier · ‎12-11-2008

Use the domain name of the ACS server. Buying in a cert is a far better idea than using self-signed. The cost (which is pretty low anyway) is more than offset by the reduction in support calls!

michael.m.williams · ‎12-11-2008

Thanks