Solved: Re: Replaced Expired Cert on ACS - Page 2

kevinhobson2000 · ‎02-12-2008

Hi,

I replaced an ACS certificate that had been installed i then did the following:

1. Created a certificate request.

2. Issued the request to the enterprise CA.

3. Copied the certificate to an ftp server.

4. Installed the certificate on the ACS.

5. Configured the CTL again.

6. Restarted the ACS service.

8. Enable EAP-TLS.

The problem is when i try and enable EAP i get the message no ACS certificate installed.

I searched on cisco and it said to disable the CSA and follow the same process which i have done to no avail.

Any help appreciated.

Thanks

Kev

jlizzio · ‎02-20-2008

Yes, the certificate is installed and I have it checked it in the trust list.

-John

Jagdeep Gambhir · ‎02-20-2008

What is the ext of cert you have installed ?

jlizzio · ‎02-20-2008

.cer

kevinhobson2000 · ‎02-21-2008

Try Base 64 format.

Jagdeep Gambhir · ‎02-21-2008

Is RSA key set to 1024 or 2048 ? Use 1024.

Regards,

~JG

jlizzio · ‎02-21-2008

I did do the base 64 install of the cert.

It really looks as if ACS has no idea the cert is installed. On top of not allowing me to check EAP-TLS I cannot enable HTTPS either.

I'm attaching the screen shot of the cert installed so that you guys don't think I'm nuts.

Thanks,

-John

jlizzio · ‎02-22-2008

I forgot to add that RSA 1024 was chosen for the CSR.

Is there any other place to verify that the certificate is installed other then "Install ACS Certificate"?

Thanks,

-John