Cisco Support Community

Digital certificate on the ACS Wireless network:


Checking the configuration of the Wireless Notebook no longer requires the digital certificate of the ACS and NVR122 NVR123 as worked in the past.

The certificate is generated for the ACS root CA trusted by the COMPANY, so that the public CA certificate supersedes the previous ACS.

Therefore, any host that is in the field of company would have access to the wireless network.

With this, the 802.1X is working with a certificate that is common to all hosts in the field of business.


How do I change it?

ACS 4.2

  • AAA Identity and NAC
1 REPLY


Hi,

Please excuse me if I misread your question, but it seems as if you want to change the root CA that signed the ACS' certificate? The reason for this is because people outside the company will come and connect to the wireless network?

I don't think this is a big issue because root certificates are not meant to be extremely secure; anyone can join the wireless network and then receive a prompt flagging them to not trust the ACS since it isn't signed by a trusted CA. All the user has to do at this point is to accept and they can trust the ACS to send their credentials. As far as gaining access to the network, the ACS still has to validate the user.

Let me know if that is the question you are wanting answered.

Thanks,

Tarik Admani
