Cisco Support Community
Community Member

Renew the Certificate in Cisco ACS for PEAP Authentication

Hi, we have installed on the wireless client laptops a certificate created by Cisco ACS to authenticate, but it's about to expire.

How can I renew the certificate without affecting the users?

4 REPLIES

Re: Renew the Certificate in Cisco ACS for PEAP Authentication

Two scenarios:

If you are using PEAP without enabling the validate server certificate option on the client, then there won't be any downtime.

Simply reinstall the self-signed cert on ACS and all users will be able to connect.

If you are using PEAP with the validate server certificate option enabled on the client, users won't be able to connect until the new cert is installed on the client laptop.

Or

Tell users to uncheck the validate server option until the new cert is installed.

Regards,

~JG

Do rate helpful posts

Community Member

Re: Renew the Certificate in Cisco ACS for PEAP Authentication

The clients wouldn't need to install the new certificate once it's changed on the ACS server? Regardless of whether they have the box checked to validate the certificate, don't they have to have the same certificate installed on the client AND the ACS server?

Community Member

Re: Renew the Certificate in Cisco ACS for PEAP Authentication

Thanks JG.

The scenario is:

Users use PEAP with the validate server certificate option enabled on the client.

My doubt is:

1.- Can I generate the new certificate on Cisco ACS 4.1 (Generate Self-Signed Certificate)? At this time the ACS retains the previous certificate.

2.- Then install the new certificate on the clients' laptops. At this time users will have the old and new certificates installed.

3.- And once it is installed on the clients' laptops, install the new certificate on Cisco ACS 4.1. At this time users and ACS have the new certificate.

Will it work?

thanks

regards

Re: Renew the Certificate in Cisco ACS for PEAP Authentication

1) Yes, we can generate a new cert but install that later.

2) Install new generated cert on client.

3) Install the new cert in ACS.

Good plan and will surely work.

Regards,

~JG

Do rate helpful posts
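A readiness gate for step 3 of the staged plan discussed in this thread, as an added example that is not part of any post: it reads a client inventory and reports which laptops would fail PEAP server validation if the new certificate were installed on ACS now. The inventory format, host names and fingerprints are constructed placeholders, and the function names are hypothetical.

```python
import csv
import io

# Constructed stand-ins for SHA-256 fingerprints (64 hex characters each).
OLD_FP = "0B" * 32                      # expiring ACS certificate
NEW_FP = "A1" * 32                      # newly generated ACS certificate
NEW_FP_COLON = ":".join(["a1"] * 32)    # same value, colon-separated lowercase

# Constructed inventory export (hypothetical format): one row per laptop,
# trusted fingerprints separated by ';'.
INVENTORY = f"""host,validate_server_cert,trusted_fingerprints
laptop-01,yes,{OLD_FP};{NEW_FP}
laptop-02,yes,{OLD_FP}
laptop-03,no,{OLD_FP}
laptop-04,yes,{NEW_FP_COLON}
"""

def normalize(fp):
    """Compare fingerprints regardless of case or ':' / space separators."""
    return fp.replace(":", "").replace(" ", "").upper()

def classify(row, new_fp):
    """ready: validates and trusts the new cert; blocked: validates but
    lacks it; unvalidated: connects either way, server identity unchecked."""
    if row["validate_server_cert"].strip().lower() != "yes":
        return "unvalidated"
    raw = row["trusted_fingerprints"] or ""
    trusted = {normalize(f) for f in raw.split(";") if f}
    return "ready" if normalize(new_fp) in trusted else "blocked"

def cutover_report(inventory_csv, new_fp):
    """Group hosts by what happens to them once ACS presents the new cert."""
    report = {"ready": [], "blocked": [], "unvalidated": []}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        report[classify(row, new_fp)].append(row["host"])
    return report

def safe_to_install_on_acs(report):
    """Step 3 is safe only when no validating client lacks the new cert."""
    return not report["blocked"]

if __name__ == "__main__":
    result = cutover_report(INVENTORY, NEW_FP)
    print(result)
    print("install new cert on ACS now:", safe_to_install_on_acs(result))
```

Hosts listed as unvalidated will keep connecting through the change, but only because they do not check the server certificate at all, so they are worth following up separately.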
