Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
584
Views
0
Helpful
3
Replies

CA certificate application on ACS 5.4 Cluster possible

sachin.sg
Level 1
Level 1

‎12-16-2013 01:52 AM - edited ‎03-10-2019 09:11 PM

We have Four ACS 5.4 Appliances , out of which one is Primary ( in DC) and Other Appliances are kept at different Zonal Locations. We have now the requirement for EAP-TLS deployment for Wireless  . Need to Know do we need to generate CA certificate for every individual ACS 5.4 Appliance or CA needs to be installed on Primary ACS and Other Appliance will replicate the certicates during replication process ...

Required Experts Suggestions on same.

Regards

Sachin

Labels:
0 Helpful
3 Replies 3

edwjames
Level 3
Level 3

‎12-16-2013 03:02 AM

Sachin,

Certificates don't get replicated.

It is best to keep the certificates individual as they idenitfy the device and maintain the identity of the each device.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed
0 Helpful

jrabinow
Level 7
Level 7
In response to edwjames

‎12-16-2013 03:54 AM

Certificate Authority certificaets get installed at following location from GUI

Users and Identity Stores > Certificate Authorities

They get installed on the primary and get replicated to every server in the deployment.

From the on line help for this page

Configuring CA Certificates

When a client uses the EAP-TLS protocol to authenticate itself against the ACS server, it sends a client  certificate that identifies itself to the server. To verify the identity and correctness of the client certificate,  the server must have a preinstalled certificate from the Certificate Authority (CA) that has digitally  signed the client certificate.  

0 Helpful

edwjames
Level 3
Level 3

‎12-16-2013 03:58 AM

Sachin,

Just to clarify:

As Jonny mentioned, CA certificates do get replicated but local certificates (Certificates signed for the ACS) dont.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed

**Share your knowledge. It’s a way to achieve immortality. --Dalai Lama** Please Rate if helpful. Regards Ed
0 Helpful
Customers Also Viewed These Support Documents