New Member

error message when trying to enroll a certificate

When I try to install a certificate that I generated using Cisco ACS signing request (CSR) I am getting an error message.

"Can not find certificate with specified common name in the ACS Storage"

Am I missing a step? I verified the name and the path of the .pem file.

Max

3 REPLIES
New Member

Re: error message when trying to enroll a certificate

Once you have generated a CSR, did you submit it to a certificate authority (CA Server) to receive your certificate?

The following are the steps of how I install my cert:

1) Generate Certificate Signing Request:

Certificate subject - "cn=ACS"

Private key file - "c:\Cert\ACScert"

Private key password - "acskey"

Retype private key password - "acskey"

Key length - "1024 bits"

Digest to sign with - "SHA1"

2) Now a certificate signing request is ready. You can copy/paste it to any certification authority enrollment tool (CA Server).

3) After you have enrolled the above certificate with a CA Server, the CA Server will return a certificate to you. Store the returned certificate in "c:\Cert".

4) On your ACS, go to "System Configuration" -> "Install ACS Certificate"

5) Select "Use certificate from storage":

Certificate CN - "ACS"

Private key file - "c:\Cert\ACScert"

Private key password - "acskey"

And you are done!!! Once you have installed the certificate, you can use EAP-TLS and PEAP authentication and HTTPS for access to the Cisco Secure ACS HTML interface.
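
Added example, not part of this thread or of Cisco's documentation: a check to run before step 4 that the certificate returned by the CA carries the CN entered in the ACS form and that its public key belongs to the private key file from step 1. It assumes the `openssl` CLI is available; the function names and the `KEY_PASS` variable are choices of this example.

```shell
# Added example (not from the thread). Needs the openssl CLI; the private key
# password is read from the KEY_PASS environment variable (assumed name).
# Usage after sourcing: KEY_PASS=... check_acs_cert CERT_FILE KEY_FILE EXPECTED_CN

# Emit the certificate in file $1 as PEM, accepting PEM or DER (.cer) input.
cert_pem() {
    openssl x509 -in "$1" -inform PEM 2>/dev/null ||
        openssl x509 -in "$1" -inform DER 2>/dev/null
}

# Print the subject common name (CN) of the certificate in file $1.
cert_cn() {
    cert_pem "$1" |
        openssl x509 -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p' | head -n 1
}

# Succeed only if the private key in $2 belongs to the certificate in $1.
# Returns 2 if the certificate is unreadable, 3 if the key cannot be opened
# (wrong password or not a private key), 1 if the public keys differ.
key_matches_cert() {
    cert_pub=$(cert_pem "$1" | openssl x509 -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(KEY_PASS="${KEY_PASS:-}" openssl pkey -in "$2" \
        -passin env:KEY_PASS -pubout 2>/dev/null) || return 3
    [ "$cert_pub" = "$key_pub" ]
}

# Run the file, CN and key-pair checks in order and report the first failure.
check_acs_cert() {
    [ -r "$1" ] || { echo "certificate file not readable: $1"; return 1; }
    [ -r "$2" ] || { echo "private key file not readable: $2"; return 1; }
    cn=$(cert_cn "$1")
    [ "$cn" = "$3" ] || {
        echo "CN mismatch: certificate has '$cn', expected '$3'"; return 1; }
    key_matches_cert "$1" "$2" || {
        echo "private key does not match certificate (or wrong password)"
        return 1; }
    echo "OK: CN=$cn and the key pair matches"
}
```

The CN comparison is an exact string match, so the value passed as `EXPECTED_CN` should be typed exactly as it will be entered in the "Certificate CN" field.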

New Member

Re: error message when trying to enroll a certificate

Hi

Just wondering if you got this working?

The reason that I ask is, having gone to the links included in the above replies and attempted to implement them, I continue to have issues with the ACS being able to utilise the certificates.

Scenario:

Have installed Microsoft CA on a stand-alone server. ACS v3.1 is on another stand-alone server. We are utilising the Web interface of the CA (i.e. http://servername/CertSvr) to request a certificate. The request is successful (I ask for a Webserver cert as I understand that is what is required for PEAP implementation) and it asks me to install, which is what I do.

Then in ACS, under System Configuration\Install ACS Certificate, I locate where the cer file has been placed and then point to it, using the private key file that I input when requesting the cert. When I submit the cert, it errors with various different messages, including:

Certificate File Not Found

Private key does not match certificate

and others that I cannot now remember.

Can anyone help with a step-by-step walk through of what is required to set this up, both on the Microsoft W2K side and ACS?

Please help!!!!

New Member

Re: error message when trying to enroll a certificate

Hi

You can get some walk through in http://www.cisco.com/warp/public/cc/pd/sqsw/sq/tech/acstl_wp.htm

This white paper is for EAP-TLS but you need section 5.2.2 - AAA Server Certificate Requirements which is the same for PEAP.

Other than the points mentioned in this section, you have the step-by-step procedure in the previous correspondence.

Let me know if you need more specific help

Ami
