The CA is a Windows 2003 and the ACS Appliance 4.1 is running on an embedded Windows 2000. I need to implement EAP-TLS. I have read several documents that explain how to ask for certificates to the ACS; nevertheless, it has not been possible for me to use them. ACS shows this error when I tried to load it: "the CA certificate you're trying add is expired or is not yet valid ".
I have followed the procedures described in the guides rigorously, and I have not gotten any successful result.
I would strongly recommend saving yourself a lot of trouble and buying a certificate from an online CA. I always recommend www.rapidssl.com as their certs are cheap ($200 for three years), quick to get (about 20 minutes) and they work very well with ACS. No need to install root certs on your client devices, no extra hassle, nice and easy.
Self-generated certs seem like a good idea, but when you take account of all the extra effort against the low cost of a bought certificate, it just isn't worth it.
Sounds like the obvious answer might be required here... Check that the CA & ACS are both set to the correct Time & Date. If the CA or ACS date settings are very wrong, then the data comparison that takes place will easily be invalidated, and you get an error like the one you're seeing.
Check date settings on the boxes and get back to us...
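Added example (not part of the thread, and not Cisco's code): the validity-window comparison behind the "expired or is not yet valid" error, evaluated against several device clocks. The dates are a constructed sample in the format printed by `openssl x509 -noout -dates`; `parse_dates`, `check_validity` and the clock values are hypothetical.

```python
import ssl
from datetime import datetime, timezone

# Constructed sample (not from the thread): validity dates in the format
# printed by `openssl x509 -noout -dates -in ca.pem`.
SAMPLE_DATES = """notBefore=Jun  2 09:15:00 2008 GMT
notAfter=Jun  2 09:25:00 2013 GMT"""


def parse_dates(text):
    """Return (not_before, not_after) as epoch seconds (UTC)."""
    fields = dict(line.split("=", 1) for line in text.strip().splitlines())
    return (ssl.cert_time_to_seconds(fields["notBefore"]),
            ssl.cert_time_to_seconds(fields["notAfter"]))


def check_validity(text, clock):
    """Classify the certificate as seen by a device whose clock reads `clock`.

    `clock` is a timezone-aware datetime. Returns (state, seconds), where
    seconds is how far the clock lies outside the window (0 when valid).
    """
    not_before, not_after = parse_dates(text)
    now = clock.timestamp()
    if now < not_before:
        return ("not yet valid", int(not_before - now))
    if now > not_after:
        return ("expired", int(now - not_after))
    return ("valid", 0)


if __name__ == "__main__":
    # Assumed clock readings: a freshly issued CA cert starts its validity
    # at the CA's own clock, so a device running behind sees a future date.
    clocks = {
        "CA clock (correct)": datetime(2008, 6, 2, 9, 20, tzinfo=timezone.utc),
        "ACS clock one day behind": datetime(2008, 6, 1, 9, 20, tzinfo=timezone.utc),
        "ACS clock reset to 2000": datetime(2000, 1, 1, tzinfo=timezone.utc),
    }
    for name, clock in clocks.items():
        state, off = check_validity(SAMPLE_DATES, clock)
        print(f"{name}: {state} (outside window by {off} s)")
```

The same certificate is accepted or rejected depending only on the clock of the box doing the check, which is why a newly issued CA certificate can be refused as "not yet valid".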
I take it you must have installed a cert even though it's reported as not valid? If so, try removing the installed cert (you can do this through the "Install Cert" option, just don't enter any information and click submit) then raise a new CSR.
I'm not that familiar with the Appliance, but W2K3 doesn't allow the private key to be exported with the certificate. That caused me trouble with a 4.1 ACS server. You must create a new template on the CA that allows the key to be exported.