Cisco Support Community
Community Member

CA certificate application on ACS 5.4 Cluster possible

We have four ACS 5.4 appliances, out of which one is primary (in DC) and the other appliances are kept at different zonal locations. We now have the requirement for EAP-TLS deployment for wireless. Need to know: do we need to generate a CA certificate for every individual ACS 5.4 appliance, or does the CA need to be installed on the primary ACS, with the other appliances replicating the certificates during the replication process?

Require experts' suggestions on the same.

Regards

Sachin

3 REPLIES
Silver

CA certificate application on ACS 5.4 Cluster possible

Sachin,

Certificates don't get replicated.

It is best to keep the certificates individual, as they identify the device and maintain the identity of each device.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed

Gold

CA certificate application on ACS 5.4 Cluster possible

Certificate Authority certificates get installed at the following location from the GUI:

Users and Identity Stores > Certificate Authorities

They get installed on the primary and get replicated to every server in the deployment.

From the online help for this page:

Configuring CA Certificates

When a client uses the EAP-TLS protocol to authenticate itself against the ACS server, it sends a client certificate that identifies itself to the server. To verify the identity and correctness of the client certificate, the server must have a preinstalled certificate from the Certificate Authority (CA) that has digitally signed the client certificate.

Silver

CA certificate application on ACS 5.4 Cluster possible

Sachin,

Just to clarify:

As Jonny mentioned, CA certificates do get replicated, but local certificates (certificates signed for the ACS) don't.

**Share your knowledge. It’s a way to achieve immortality.
--Dalai Lama**

Please Rate if helpful.
Regards
Ed
