
New Member

Upgrade ACS 4.2 to 5.5 with client certificate authentication

I understand that there is a migration tool that can help upgrade ACS 4.2 on the Windows platform to a 5.5 appliance. However, it does not support certificate migration.

The customer is using client certificates for wireless client authentication. Does that mean I have to generate a CSR on the new ACS 5.5 appliance and have it signed by an external CA, for every client certificate on the existing ACS 4.2?

Cisco Employee

Certificate Authentication Profiles allow you to customize the authentication for different certificate profiles.

Identity store authorization is optional for certificate-based authentication.

Root CA certificates must be imported.

Trusted certificate authorities are defined under the certificate configuration options in Users and Identity Stores. Here, the authentication characteristics of different certificate profiles are also specified.

Certificate authentication profiles are referenced in access service identity policy, and they allow you to specify:

The certificate field that should be used as the principal username.

Whether a binary comparison of the certificate should be performed.

Migration Notes

PEM- or DER-formatted X.509 certificates can be imported to create a list of trusted CAs.

ACS 5.5 does not check whether the certificate owner exists in a directory, but you can check the existence of a user attribute in an access service authorization policy.

For more details, please go through the following link:
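Added example, not part of the thread and not Cisco code: a PEM file is the base64 text form of the same DER bytes, so a CA certificate exported in either format is the same certificate, and a binary comparison comes down to a byte-for-byte match on the DER. The Python sketch below normalises both encodings, fingerprints them and compares them; the function names and sample bytes are constructed for illustration, and it assumes the comparison is made against a stored copy of the certificate.

```python
import base64
import hashlib
import hmac
import re

PEM_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)

def to_der(blob: bytes) -> bytes:
    """Return the DER bytes of one certificate supplied as PEM or DER."""
    m = PEM_RE.search(blob)
    if m:
        # Strip every line break (LF or CRLF) before decoding the base64 body.
        blob = base64.b64decode(b"".join(m.group(1).split()), validate=True)
    return _check_framing(blob)

def _check_framing(der: bytes) -> bytes:
    # Outer framing only: one SEQUENCE (tag 0x30) whose length covers the
    # whole input. This catches truncated or padded files, not bad X.509.
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    if der[1] < 0x80:                      # short-form length
        header, body = 2, der[1]
    else:                                  # long-form length
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            raise ValueError("bad DER length field")
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    if header + body != len(der):
        raise ValueError("truncated input or trailing data")
    return der

def fingerprint(blob: bytes) -> str:
    """SHA-256 over the DER, so PEM and DER copies give the same value."""
    return hashlib.sha256(to_der(blob)).hexdigest()

def binary_match(presented: bytes, stored: bytes) -> bool:
    """Byte-for-byte comparison of two certificates, whatever their encoding."""
    return hmac.compare_digest(to_der(presented), to_der(stored))

# Constructed sample: a tiny DER SEQUENCE standing in for a certificate,
# plus the same bytes wrapped as PEM with Windows (CRLF) line endings.
SAMPLE_DER = bytes.fromhex("3006020101020102")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\r\n" + base64.b64encode(SAMPLE_DER)
              + b"\r\n-----END CERTIFICATE-----\r\n")

if __name__ == "__main__":
    print(fingerprint(SAMPLE_PEM) == fingerprint(SAMPLE_DER))
    print(binary_match(SAMPLE_PEM, SAMPLE_DER))
```

Comparing the fingerprint of the CA file taken from the old server with the one imported on the new appliance confirms the trust anchor is unchanged.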
