I'm trying to set up EAP-TLS 802.1x using ACS SE 220.127.116.11.4, WLC & CA. The problem I'm facing is with installing the CA certificate on the ACS appliance. Tried everything from the Cisco docs but not able to install the certificate, as it's giving "Unsupported private key file format." The steps which I had performed are...
1) Generate Certificate Signing Request:
Certificate subject ---- CN=idea_acs_01
Private key file ---- privatekeyfile.pem
Private key password -- cisco
Retype private key password -- cisco
Key length --- 1024
Digest to sign with --- SHA1
Then copied the certificate signing request from the right side & pasted it on the CA using "advanced certificate request" & then the "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file" option on the CA & pasted the output in Base-64-encoded certificate request. Then issued the certificate from the CA & downloaded it to my desktop & then from my desktop to the FTP server.
Even made a file named privatekeyfile.pem with the output I got while generating the Certificate Signing Request & uploaded the same to FTP.
2) Install ACS Certificate:
Then downloaded the certificate certnew.cer from the FTP server using the Download certificate file option. And also downloaded the private key file from the FTP & typed the password cisco. But after submitting, it gives the error:
"Unsupported private key file format."
I'm not able to get why this error is coming. Even tried all the steps above changing the format of the private key file, i.e. .pvk, .pk, but it's not working for me.
Can anyone guide me on what the issue is? Thanks in advance.
Yes, it's an appliance. Do you mean to say that for the appliance I don't need to create a .pem or .pvk file & upload it using the FTP server? What I need to do is just give the password which I used initially while generating the certificate during installing the CA certificate on the appliance?
Yes, that is what I am saying. You only download the ACS server cert and the CA server cert. For private, just specify a name and password, and the field for the name will still be filled in when you install the ACS server cert. Don't change the name field, just enter the same password.
I ran into this same issue on the non-appliance ACS ver 4.2. After reading all the docs I ended up TACing and it took a total of 5 minutes and we went about it a completely different way. This is the guide that was sent to me via TAC:
If you do a CSR, it's really quite simple. Once you take the CSR request and you input the information into your CA (I'm assuming Windows environment) you'll get a hash key back that you can then paste into ACS and you're done.
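A way to see what a file such as privatekeyfile.pem really contains before uploading it, as an added example that is not part of the thread: it reads the PEM labels and reports whether a private key, a CSR or a certificate is inside. The label table and the `sample_pem` helper are assumptions of this example; which key formats ACS accepts is not stated in the thread.

```python
import base64
import re

# PEM labels (RFC 7468 / OpenSSL conventions) and what each block holds.
LABELS = {
    "CERTIFICATE REQUEST": "csr",
    "NEW CERTIFICATE REQUEST": "csr",
    "CERTIFICATE": "certificate",
    "PRIVATE KEY": "private key (PKCS#8, unencrypted)",
    "ENCRYPTED PRIVATE KEY": "private key (PKCS#8, password-protected)",
    "RSA PRIVATE KEY": "private key (PKCS#1 RSA)",
}
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)


def classify_pem(text):
    """Return [(label, kind)] for every PEM block found in text."""
    found = []
    for label, body in PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        # Traditional OpenSSL encrypted keys put "Name: value" headers
        # before the base64; ":" never occurs in base64 itself.
        headers = [ln for ln in lines if ":" in ln]
        b64 = "".join(ln for ln in lines if ":" not in ln)
        try:
            base64.b64decode(b64, validate=True)
        except ValueError:  # binascii.Error is a ValueError subclass
            found.append((label, "corrupt base64"))
            continue
        kind = LABELS.get(label, "unknown")
        if any(h.startswith("Proc-Type:") and "ENCRYPTED" in h for h in headers):
            kind += ", password-protected"
        found.append((label, kind))
    return found


def holds_private_key(text):
    """True only if at least one block is a well-formed private key."""
    return any(kind.startswith("private key") for _, kind in classify_pem(text))


def sample_pem(label, headers=""):
    """Constructed sample block; the payload is filler, not key material."""
    body = base64.b64encode(b"constructed sample, not key material").decode()
    return f"-----BEGIN {label}-----\n{headers}{body}\n-----END {label}-----\n"


if __name__ == "__main__":
    print(classify_pem(sample_pem("CERTIFICATE REQUEST")))
```

A file that was filled with the CSR text classifies as `csr`, so `holds_private_key` returns False for it even when it is named like a key file.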