Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS 4.2 creating Self Signed certificate question

I understand how to create a self-signed certificate with ACS 4.2 however....

The certificates are only good for one year.  Is there a way to change this to where the certificates are good for 5 or 10 years?

Thanks,

Josh

1 REPLY
Cisco Employee

Re: ACS 4.2 creating Self Signed certificate question

Hi,


The validity period of self-signed certificate cannot be increased from the default of one year, Cisco recommends that you only use them for EAP as a temporary measure until you can use a traditional CA.


Self-signed certificates are certificates you create without a root or the intermediate involvement of the CA. They have the same value in both the subject and issuer fields like a Root CA Certificate. Most self-signed certificates use X.509 v1 format. Therefore, they do not work with ACS. However, as of version 3.3, ACS has the ability to create its own self-signed certificates which you can use for EAP-TLS and PEAP. Do not use a key size greater than 1024 for compatibility with PEAP and EAP-TLS. If you use a self-signed certificate, the certificate also acts in the capacity of the Root CA Certificate and must be installed in the Certificates (Local Computer) > Trusted Root Certification Authorities >  Certificates folder of the client when you use the Microsoft EAP supplicant. It automatically installs in the trusted root certificates store on the server. However, it must still be trusted in the Certificate Trust List in ACS Certificate Setup. See the Root CA Certificates section for more information.


Self-signed Certificate Setup (only if you do not use an external CA)

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0080545a29.shtml#t14

HTH


Regards,

Jatin


Plz rate helpful posts-

~BR Jatin Katyal **Do rate helpful posts**
2503
Views
0
Helpful
1
Replies