Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Request certificate to ACS Appliance ver4.1

Hi:

The CA is a Windows 2003 and the ACS Appliance 4.1 is running on an embedded Windows 2000. I need to implement EAP-TLS, I have read several documents that explain how ask for certificates to the ACS, nevertheless it has not been possible to me to use them, ACS shows this error when I have tried to load it: "the CA certificate you're trying add is expired or is not yet valid ".

I have done the procedures described in the guides rigorously, and I have not get any successful result.

Please Help!!!

Best Regards

6 REPLIES

Re: Request certificate to ACS Appliance ver4.1

I would strongly recommend saving yourself a lot of trouble and buying a certificate from an online CA. I always recommend www.rapidssl.com as their certs are cheap ($200 for three years), quick to get (about 20 minutes) and they work very well with ACS. No need to install root certs on your client devices, no extra hassle, nice and easy.

Self generated certs seem like a good idea but when you take account of all the extra effort against the low cost of a bought certificate it just isn't worth it.

New Member

Re: Request certificate to ACS Appliance ver4.1

Thanks, but this solution she is not the one that I require, I need to use a CA Enterprise in a Windows 2003,I need to configuring EAP TLS and to authenticate to the users of domain Windows.

Re: Request certificate to ACS Appliance ver4.1

Sounds like the obvious answer might be required here... Check that the CA & ACS are both set to the correct Time & Date. If the CA or ACS date settings are very wrong, then the data comparison that takes place will easily be invalidated, and you get an error like the one you're seeing.

Check date settings on the boxes and get back to us...

Regards,

Richard

New Member

Re: Request certificate to ACS Appliance ver4.1

And check the date and correct this, the problem is that I am not generating the file. PVK, even if asked to do so.

Best regard.

Giovanni Anfossi

Re: Request certificate to ACS Appliance ver4.1

I take it you must have installed a cert even though it's reported as not valid? If so, try removing the installed cert (you can do this through the "Install Cert" option, just don't enter any information and click submit) then raise a new CSR.

New Member

Re: Request certificate to ACS Appliance ver4.1

I'm not that familiar with the Appliance, but W2K3 doesn't allow the private key to be exported with the certificate. That caused me trouble with a 4.1 ACS server. You must create a new template on the CA that allows the key to be exported.

See Cisco Document ID: 64068

Wes

147
Views
0
Helpful
6
Replies
CreatePlease to create content