
New Member

ACS 4.2 creating Self Signed certificate question

I understand how to create a self-signed certificate with ACS 4.2 however....

The certificates are only good for one year. Is there a way to change this to where the certificates are good for 5 or 10 years?



Cisco Employee

Re: ACS 4.2 creating Self Signed certificate question


The validity period of a self-signed certificate cannot be increased from the default of one year. Cisco recommends that you only use them for EAP as a temporary measure until you can use a traditional CA.

Self-signed certificates are certificates you create without a root or the intermediate involvement of the CA. They have the same value in both the subject and issuer fields like a Root CA Certificate. Most self-signed certificates use X.509 v1 format. Therefore, they do not work with ACS. However, as of version 3.3, ACS has the ability to create its own self-signed certificates which you can use for EAP-TLS and PEAP. Do not use a key size greater than 1024 for compatibility with PEAP and EAP-TLS. If you use a self-signed certificate, the certificate also acts in the capacity of the Root CA Certificate and must be installed in the Certificates (Local Computer) > Trusted Root Certification Authorities > Certificates folder of the client when you use the Microsoft EAP supplicant. It automatically installs in the trusted root certificates store on the server. However, it must still be trusted in the Certificate Trust List in ACS Certificate Setup. See the Root CA Certificates section for more information.

Self-signed Certificate Setup (only if you do not use an external CA)




Plz rate helpful posts-

~BR Jatin Katyal **Do rate helpful posts**
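
Added example, not part of the original posts and not Cisco's code: a PowerShell check for the properties the reply above discusses (subject equals issuer, X.509 version, key size, lifetime, presence in the client's Trusted Root store), so the one-year expiry does not break EAP unnoticed. The function name, the 30-day warning window and the sample subject are assumptions; the sample certificate is constructed in memory and needs .NET Framework 4.7.2 or later, or PowerShell 7.

```powershell
# Added example. Reports the properties of an EAP server certificate that
# the reply discusses. Function name and WarnDays default are assumptions.
function Get-EapCertReport {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [int]$WarnDays = 30   # assumed renewal warning window
    )
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Cert)
    # Is this exact certificate in Certificates (Local Computer) > Trusted Root?
    $inRoot = $false
    if (Test-Path Cert:\LocalMachine\Root) {
        $inRoot = [bool](Get-ChildItem Cert:\LocalMachine\Root |
            Where-Object { $_.Thumbprint -eq $Cert.Thumbprint })
    }
    $daysLeft = [math]::Floor(($Cert.NotAfter - (Get-Date)).TotalDays)
    [pscustomobject]@{
        Subject       = $Cert.Subject
        # Self-signed: the encoded subject and issuer names are identical
        SelfSigned    = ($Cert.SubjectName.RawData -join ',') -eq ($Cert.IssuerName.RawData -join ',')
        X509Version   = $Cert.Version
        KeyBits       = if ($rsa) { $rsa.KeySize } else { $null }
        LifetimeDays  = [math]::Round(($Cert.NotAfter - $Cert.NotBefore).TotalDays)
        DaysLeft      = $daysLeft
        RenewSoon     = $daysLeft -le $WarnDays
        InTrustedRoot = $inRoot
    }
}

# Constructed sample: an in-memory self-signed certificate with a one-year
# lifetime and a 1024-bit key, mirroring the values stated in the reply.
# The subject name is hypothetical. To check a real certificate, pass an
# X509Certificate2 loaded from the exported .cer file instead.
$key = [System.Security.Cryptography.RSA]::Create(1024)
$req = [System.Security.Cryptography.X509Certificates.CertificateRequest]::new(
    'CN=acs-demo.example', $key,
    [System.Security.Cryptography.HashAlgorithmName]::SHA256,
    [System.Security.Cryptography.RSASignaturePadding]::Pkcs1)
$now = [DateTimeOffset]::UtcNow
$sample = $req.CreateSelfSigned($now, $now.AddYears(1))
Get-EapCertReport -Cert $sample
```

For the sample, `InTrustedRoot` is false because the certificate exists only in memory; on a client that trusts the ACS certificate it should be true.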