Cisco Support Community

New Member

ACS Self Signed

The duration of the certificate of the ACS is one year. This means I have to install the new certificate in workstations again? Or only create the new certificate again in the ACS?

2 REPLIES
Cisco Employee

Re: ACS Self Signed

Hi,

Yes, it means you will have to re-install it on the clients. This is why self-signed certificates are not the best solution with regard to admin overhead.

The best for you would be to set up a CA (OpenSSL, Windows Server, ...) that issues a certificate to ACS. You could renew the ACS certificate and not change anything on the clients, since they trust the CA (and thus all the servers that have a cert from that CA).

Hope this helps.

Nicolas

===

Don't forget to rate answers that you find useful
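
The difference described in the reply above can be reproduced with the `openssl` command line. This is an added example, not part of the original thread and not Cisco's procedure; it assumes a stock `openssl` install with its default configuration, and `Demo-CA` and `acs.example.test` are constructed placeholder names.

```shell
#!/usr/bin/env bash
# Added illustration; Demo-CA and acs.example.test are constructed placeholder names.
set -eu
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT

# Private CA: its certificate is the only thing clients ever install.
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 -subj "/CN=Demo-CA" \
    -keyout "$demo_dir/ca.key" -out "$demo_dir/ca.pem" 2>/dev/null
}

# Server certificate valid for one year, signed by the CA. $1 = file tag.
issue_from_ca() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=acs.example.test" \
    -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.csr" 2>/dev/null
  openssl x509 -req -in "$demo_dir/$1.csr" -days 365 -CAcreateserial \
    -CA "$demo_dir/ca.pem" -CAkey "$demo_dir/ca.key" -out "$demo_dir/$1.pem" 2>/dev/null
}

# Self-signed server certificate valid for one year. $1 = file tag.
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=acs.example.test" \
    -keyout "$demo_dir/$1.key" -out "$demo_dir/$1.pem" 2>/dev/null
}

# What the client does: validate server cert $2 against installed trust anchor $1.
client_trusts() {
  openssl verify -CAfile "$demo_dir/$1.pem" "$demo_dir/$2.pem" >/dev/null 2>&1
}

report() {  # $1 = label, $2 = trust anchor on the client, $3 = server cert presented
  if client_trusts "$2" "$3"; then echo "$1: trusted"; else echo "$1: REJECTED"; fi
}

make_ca
issue_from_ca ca_year1        # original server certificate
issue_from_ca ca_year2        # renewal: new key and cert, same CA
make_self_signed self_year1   # original certificate, installed on clients
make_self_signed self_year2   # renewal: an unrelated certificate

report "CA-issued, year 1 (client holds ca.pem)"      ca ca_year1
report "CA-issued, year 2 (client unchanged)"         ca ca_year2
report "self-signed, year 1 (client holds the cert)"  self_year1 self_year1
report "self-signed, year 2 (client unchanged)"       self_year1 self_year2
```

Only the last case is rejected: the renewed self-signed certificate has a new key, so the copy installed on the client no longer matches it.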

Cisco Employee

Re: ACS Self Signed

The ACS cert is only needed on the clients if you have the clients trusting the ACS certificate.

For example, if you are using PEAP or EAP-TLS and trusting the Server cert.

If you do not have this constraint then you do not need to install the ACS cert on the clients.

You only need to create the ACS cert again.

HTH,
Tiago

--

If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
