Has anyone been successfully in getting a cert off of a 2008 R2 CA and imported correct in to ACS 4.2? I've had and have seen other have the problem with creating a web server certificate from R2 (1024 bit) and putting it in ACS 4.2 only to have HTTPS/SSL no longer work correctly. I haven't even tested the intended purpose of the cert (EAP-TLS) yet, so who knows if that works. I've also seen through searching where some one was able to take a 2003 CA web server template and put it into R2 and it work, but I know longer have 2003 available? Any ideas?
I have seen issues where the template on the R2 boxes are using elliptical curve cryptography, basically if the template has a '#" charcter in it is what I think causes this process to be used. Try to use a template that doesnt have this in the front and then try to generate a cert against the template you created.
Here is a snip of the guide that I am forwarding you:
Determining Whether to Implement Cryptography Next Generation Algorithms
For Windows Server 2008–based version 3 certificate templates, the option exists to configure advanced cryptographic algorithms such as elliptic curve cryptography (ECC). Before configuring these settings, ensure that the operating systems and applications deployed in your environment can support these cryptographic algorithms.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :