Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACS SE no load Cetificate CA Enterprise Windows 2003

I have an ACS Appliance with integrated Windows 2000 version 4.1.1.23 , I need to implement EAP-TLS in a Domain Windows 2003, the CA that I am using is a "CA 2003". I have read several documents that explain how ask for certificates to the ACS, nevertheless it has not been possible to load in the ACS the certificate emitted by the CA. The certificate generated by the CA has the

extension *.cer, but the other one *.pvk file is not generated. THIS IS THE MAIN

PROBLEM.

I have read and followed every configuration step I found in this Document:

Cisco Document ID: 64067

The ACS documentation indicates interoperability with Windows 2003.

5 REPLIES

Re: ACS SE no load Cetificate CA Enterprise Windows 2003

In CA there is no need of Pvk. We need pvk file only for server certificate and not for CA. Both server cert and CA have extension .cer . Find attached the TLS guide.

Regards,

~JG

Do rate helpful posts

New Member

Re: ACS SE no load Cetificate CA Enterprise Windows 2003

When requesting the certificate for ACS, CA delivers a file extension *. cer, trying to load the certificate via FTP ACS does not allow this, since it states that do not find the *. pvk.

The ACS SE have embedde windows 2000 server

New Member

Re: ACS SE no load Cetificate CA Enterprise Windows 2003

Read Cisco Document ID: 64068

The problem is that in W2K3 MS changed the templates so that the private key is not exportable. You have to create a new template.

Wes

New Member

Re: ACS SE no load Cetificate CA Enterprise Windows 2003

yes, I followed a step by step guide EAP-TLS configuration guide v1.03 and the template with key exportable

New Member

Re: ACS SE no load Cetificate CA Enterprise Windows 2003

Hi,

you can use "Generate Certificate Signing Request" in the appliance System configuration page, to request a Certificate from your CA.in the field Private Key file put o name with the extention .pvk and type a password.when you will have the certificate from the CA, download it to your ACS Appliance,you don't need to download the Private key, it's stored in the Appliance, just put the name that you've entred in the first phase of generating a CSR.

I hope that it will help you.

Ismail

251
Views
0
Helpful
5
Replies