Renew the Certificate in Cisco ACS for PEAP Authentication

arturo_triara
Level 1

Hi, we have installed in the wireless client laptops a certificate created by Cisco ACS to authenticate, but it's about to expire.

How can I renew the certificate without affecting the users?

Jagdeep Gambhir
Level 10

Two scenarios:

If you are using PEAP without enabling the validate server certificate option on the client, then there won't be any downtime.

Simply reinstall the self-signed cert on ACS and all users will be able to connect.

If you are using PEAP with the validate server certificate option enabled on the client, users won't be able to connect until the new cert is installed on the client laptop.

Or

Tell users to uncheck the validate server option until the new cert is installed.

Regards,

~JG

Do rate helpful posts

The clients wouldn't need to install the new certificate once it's changed on the ACS server? Regardless of whether they have the box checked to validate the certificate, don't they have to have the same certificate installed on the client AND the ACS server?

Thanks JG.

The scenario is:

Users use PEAP with the validate server certificate option enabled on the client.

My doubt is:

1.- Can I generate the new certificate on Cisco ACS4.1 (Generate Self-Signed Certificate)? At this time the ACS retains the previous certificate.

2.- Then install the new certificate on the clients' laptops. At this time users will have the old and new certificates installed.

3.- And once it is installed on the clients' laptops, install the new certificate on Cisco ACS4.1. At this time users and ACS have the new certificate.

Will it work?

thanks

regards

1) Yes, we can generate a new cert but install that later.

2) Install new generated cert on client.

3) Install the new cert in ACS.

Good plan and will surely work.

Regards,

~JG

Do rate helpful posts
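
A rehearsal of the three-step plan above, as an added example that is not part of the original thread or of Cisco's tooling: it uses throwaway self-signed certificates, with `openssl verify` against a PEM bundle standing in for a client that has server-certificate validation enabled. The file names, CN values and validity periods are constructed for the example.

```bash
#!/usr/bin/env bash
# Added example: rehearse the staged certificate rollover with throwaway certs.
# Assumption: `openssl verify -CAfile <bundle>` models a PEAP client that
# validates the server certificate against its installed trusted certificates.
set -eu

workdir=$(mktemp -d)
trap 'rm -rf "$workdir"' EXIT

# Create a self-signed certificate: $1 = file stem, $2 = validity in days.
make_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=acs-$1.example.test" \
    -keyout "$workdir/$1.key" -out "$workdir/$1.pem" 2>/dev/null
}

# Succeeds if a client trusting bundle $2 accepts server certificate $1.
client_accepts() {
  openssl verify -CAfile "$workdir/$2" "$workdir/$1" >/dev/null 2>&1
}

# Print "ok" or "FAIL" for a server certificate / client bundle pairing.
outcome() {
  if client_accepts "$1" "$2"; then echo ok; else echo FAIL; fi
}

# Succeeds if certificate $1 is still valid $2 days from now.
valid_in_days() {
  openssl x509 -in "$workdir/$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

make_cert old 10    # certificate currently on the server, close to expiry
make_cert new 365   # step 1: generated, not yet installed on the server

cp "$workdir/old.pem" "$workdir/client_before.pem"                        # client today
cat "$workdir/old.pem" "$workdir/new.pem" > "$workdir/client_staged.pem"  # after step 2

echo "server=old, client staged:      $(outcome old.pem client_staged.pem)"
echo "server=new, client staged:      $(outcome new.pem client_staged.pem)"
echo "server=new, client not updated: $(outcome new.pem client_before.pem)"
valid_in_days old.pem 30 || echo "old certificate expires within 30 days"
```

A staged client passes against both the old and the new server certificate, which is why step 3 can happen at any time once step 2 is complete; a client that was missed fails at cutover.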
