12-16-2013 01:52 AM - edited 03-10-2019 09:11 PM
We have four ACS 5.4 appliances, out of which one is primary (in the DC) and the other appliances are kept at different zonal locations. We now have a requirement for EAP-TLS deployment for wireless. We need to know: do we need to generate a CA certificate for every individual ACS 5.4 appliance, or does the CA need to be installed on the primary ACS, with the other appliances replicating the certificates during the replication process?
Experts' suggestions are requested on the same.
Regards
Sachin
12-16-2013 03:02 AM
Sachin,
Certificates don't get replicated.
It is best to keep the certificates individual, as they identify the device and maintain the identity of each device.
**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**
Please Rate if helpful.
Regards
Ed
12-16-2013 03:54 AM
Certificate Authority certificates get installed at the following location from the GUI:
Users and Identity Stores > Certificate Authorities
They get installed on the primary and get replicated to every server in the deployment.
From the online help for this page:
When a client uses the EAP-TLS protocol to authenticate itself against the ACS server, it sends a client certificate that identifies itself to the server. To verify the identity and correctness of the client certificate, the server must have a preinstalled certificate from the Certificate Authority (CA) that has digitally signed the client certificate.
12-16-2013 03:58 AM
Sachin,
Just to clarify:
As Jonny mentioned, CA certificates do get replicated, but local certificates (certificates signed for the ACS) don't.
Regards
Ed