Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Unable to access CS ACS 1113 appliance after enabling HTTPS management

I've recently installed a certificate on my ACS 1113 appliance and in the Admin setup enabled management access over HTTPS. Since then I've not been able to access the GUI console. I have done some troubleshooting and I'm fairly certain that I have a certificate issue as Firefox gives me the error:

Certificate type not approved for application. (Error code: sec_error_inadequate_cert_type)

when I try and connect. So I want to either reconfigure the management access to use just HTTP or remove the certificate. I have logged on to the serial console and there are no options her to do this. Any ideas? The RADIUS and TACACS functions are working correctly - I just can't logon via the GUI.

Everyone's tags (1)
1 REPLY
New Member

Unable to access CS ACS 1113 appliance after enabling HTTPS mana

I have managed to fix this for anyone who's interested. The problem was caused by the certificate template I used when I created from my CA server. It should be a web server certificate template and I left this setting at the default which is set to Administrator template.

To recover the appliance this is what I did:

I downloaded a trial version of ACS 4.1 for windows and installed it onto a Win2003 server.

From the console CLI connection on the ACS appliance I did a backup of the device and put this onto my FTP server.

Then I restored this backup to the Windows ACS trial version. I immediately had the same issue with unable to access the GUI due to the certificate issue.

I then went into the Certificate Snap in via MMC and found the certificate and CA certificate and deleted them and rebooted the server. Now I could access the GUI correctly and the management access over HTTPS was now turned off.

So then I created a new certificate from my CA server, with the correct template and installed it onto the Windows ACS server. I tried Management access over HTTPS and all good but decided to disable this as not required. (The certificate is for PEAP authentication). Then I backed up the Windows ACS and restored it into the appliance - hey presto it's back.

Moral of the story - don't use Management over HTTPS!!

1160
Views
0
Helpful
1
Replies
CreatePlease login to create content