Unable to access CS ACS 1113 appliance after enabling HTTPS management
I've recently installed a certificate on my ACS 1113 appliance and in the Admin setup enabled management access over HTTPS. Since then I've not been able to access the GUI console. I have done some troubleshooting and I'm fairly certain that I have a certificate issue as Firefox gives me the error:
Certificate type not approved for application. (Error code: sec_error_inadequate_cert_type)
when I try and connect. So I want to either reconfigure the management access to use just HTTP or remove the certificate. I have logged on to the serial console and there are no options her to do this. Any ideas? The RADIUS and TACACS functions are working correctly - I just can't logon via the GUI.
Unable to access CS ACS 1113 appliance after enabling HTTPS mana
I have managed to fix this for anyone who's interested. The problem was caused by the certificate template I used when I created from my CA server. It should be a web server certificate template and I left this setting at the default which is set to Administrator template.
To recover the appliance this is what I did:
I downloaded a trial version of ACS 4.1 for windows and installed it onto a Win2003 server.
From the console CLI connection on the ACS appliance I did a backup of the device and put this onto my FTP server.
Then I restored this backup to the Windows ACS trial version. I immediately had the same issue with unable to access the GUI due to the certificate issue.
I then went into the Certificate Snap in via MMC and found the certificate and CA certificate and deleted them and rebooted the server. Now I could access the GUI correctly and the management access over HTTPS was now turned off.
So then I created a new certificate from my CA server, with the correct template and installed it onto the Windows ACS server. I tried Management access over HTTPS and all good but decided to disable this as not required. (The certificate is for PEAP authentication). Then I backed up the Windows ACS and restored it into the appliance - hey presto it's back.
Moral of the story - don't use Management over HTTPS!!
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :