Installing certificate on ACS Server

I want to install the certificate on the ACS server. I have taken the option to generate a certificate signing request and configured all parameters, like install ACS certificate, authority setup and trust list. The certificate has been generated and installed on the machine. But when I try to log in to the system it is working normally with HTTP only. How can I change it to HTTPS? Please, can anyone help me?

Hi,
To enable HTTPS for ACS:
Go to Administration Control -- Access Policy -- SSL Setup -- Use HTTPS Transport
To create and install a server certificate:
System Configuration -- ACS Certificate Setup -- Generate Self Signed Certificate -- Fill in the details -- Select "Install Generated Certificate"
Restart ACS services under Service Control.
When you try to log in to the ACS you will get a warning -- select Yes.
Tnx,
somishra

Similar Messages

  • Not able to install or generate acs server certificate

    Hi,
    I have one test set-up with one layer 3 switch and one autonomous AP 1131. I have configured one SSID and without any authentication and it was not able to connect successfully.
    But now I want to try enabling WPA2 Enterprise (actually, after checking with the test set-up, I am going to implement it in the live set-up, where I have to configure WPA2 Enterprise, so I would like to test WPA2 Enterprise, not WPA2 Personal).
    I have the ACS server 3.0 trial version installed on Windows Server 2000, and
    on the AP 1131 I have configured the RADIUS server commands
    ( aaa- new model  and radius server host ... ip address ... key ..... shared secret ... password .. ).
    I am confused about the certificate which is required to be installed on the ACS server, but I am not able to generate the certificate or get the certificate from anywhere in the ACS server options.
    How do I generate the ACS server certificate in trial version 3.0, and after generating it, how do I install it on the ACS server? And what about the client: will it be the same certificate which I need to install on client PCs? If yes, how do I add it on client PCs, and if not, where will I get the client certificate?
    If I buy the ACS software, which will be installed on the Windows platform, I will get two certificates. What about the ACS trial version software: will I be able to get a certificate?
    I am trying to refer to so many documents but it could not help me.
    Your help will be appreciated.
    Looking for proper information.

    Hi,
    Thanks for your response.
    Obviously, this ACS 3.0 is end of support, but when I tried to install ACS 4.0 or later, I am not getting an error saying "basic platform should be installed first, that is ACS 3.0".
    That is the reason I have gone for this edition.
    Should I go for upgrading ACS 3.0 to 4.1 or a later version?
    If so, will it be possible on the trial version?
    Please give me your suggestion.

  • Installing certificate on Lync server WS 2008R2 standard

    Hi,
    I'm new to all this. Can someone please help? We are on a domain and recently our certificate for Lync expired, so now "Lync" is not functioning. We also have an edge server. I know it has expired because I see it in the event viewer. So the first question: how do I renew the certificate for Lync? I can't find it on the server. Once I get that information, do I install the certificate on the Lync server or the Edge server? Thank you for helping a newbie!

    Both of those servers (front end and edge) need certificates; you might also want to check for a certificate on a reverse proxy as well (if you ping meet.yoursipdomain.com externally, whatever server that IP NATs to). You request them using the deployment wizard, clicking "Install or Update Lync Server System" then re-running step 3. Once you have your certificate assigned, you'd need to restart services. Here's a link that walks through it:
    http://uclobby.com/2013/09/16/renewing-lync-server-20102013-certificates/
    SWC Unified Communications

  • Installing Certificates on ACS 3.3 for Windows

    We have a Microsoft CA and we have installed the certificates on ACS, but the certificate doesn't show up in the trust list. Anyone have any ideas? ACS will allow me to turn on PEAP but authentication fails.

    Configuring for PEAP or EAP-TLS can be tricky and there are lots of caveats. This EAP-TLS deployment guide has some info on cert setup that should be equally applicable for PEAP as well.
    http://www.cisco.com/en/US/netsol/ns339/ns395/ns176/ns178/networking_solutions_white_paper09186a008009256b.shtml#wp39247

  • Certificate on acs

    Hello folks,
    Wi-Fi users are authenticated via single sign-on on MS AD using ACS (802.1X).
    The question is: is it mandatory to generate a certificate in the ACS, then export it to the controller, in order to let the authentication work?

    Hi Ibrahim,
    How are you?
    First, what 802.1X EAP are you using? What ACS rev are you on?
    I will assume PEAP.
    1) An ACS cert is required. You have 2 options for a certificate.
         a. You can do a self-generated certificate, which is created on and by the ACS server. This cert lasts 12 months from the time you create it. Here is further reading on the ACS self cert.
         Personally, I'm not a fan of the self-signed ACS certificate, because if you validate the cert on the client you will need to push this cert to each client. I will explain that later.
    Self-signed Certificate Setup (only if you do not use an external CA)
    Note: When you test in the lab with self-signed certificates, it results in a longer authentication time the first time a client authenticates with the Microsoft supplicant. All subsequent authentications are fine.
    Complete these steps:
         1. On the Cisco Secure ACS server, click System Configuration.
         2. Click ACS Certificate Setup.
         3. Click Generate Self-signed Certificate.
         4. Type something into the Certificate subject field preceded by cn=, for example, cn=ACS33.
         5. Type the full path and name of the certificate that you want to create, for example, c:\acscert\acs33.cer.
         6. Type the full path and name of the private key file that you want to create, for example, c:\acscert\acs33.pvk.
         7. Enter and confirm the private key password.
         8. Choose 1024 from the key length drop-down menu.
            Note: While Cisco Secure ACS can generate key sizes greater than 1024, the use of a key larger than 1024 does not work with PEAP. Authentication might appear to pass in ACS, but the client hangs while authentication is attempted.
         9. Check Install generated certificate.
         10. Click Submit.
         b. You can get a CA-signed certificate. If you are using 4.x ACS you can generate what is called a CSR (Certificate Signing Request). You then send the CSR to a CA and they generate a cert for you.
    Here is a link to read up on the CA certificate.
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a0080545a29.shtml#t14
    How and where to install the certs and how it works...
    1) The cert is installed on the ACS server and the client IF a) you are validating the cert on the client b) you are using an ACS self-signed cert
    So the ACS server has a cert installed on it. This cert is used to build a secure tunnel between the ACS server and the wireless client so that when the wireless client passes its credentials they cannot be seen, as they are passed in the tunnel created by the certificate (think HTTPS).
    When a wireless client connects. The WLC / WLAN is configured with 802.1X. So the WLC passes all the authentication traffic directly to the ACS. So the WLC DOESN'T NEED TO KNOW ABOUT THE CERT. This chatter is just between the ACS and the wireless client, and the WLC acts as the middle man.
    So the wireless client connects. The ACS server sends the cert (the one you added) to the wireless client. The wireless client has 2 configurable options: 1) validate the certificate, 2) not validate the certificate. If you validate the certificate then that cert needs to be on the client, because the client is going to look at the cert presented by the ACS server and see if it has it in its root store, thus validating it. Or you can not validate it. If you don't validate it, it's a BIG security boo-boo.
    Make sense?

  • Public Certificate for ACS

    Can anyone tell me if there are security issues with using a public certificate on ACS to be utilized for PEAP authentication? Trying to make this more manageable for our Windows Mobile devices and what they have for default for root CA's. Thanks

    I would say partial yes to your post. Since ACS is going to assign the certificate, if the ACS server is secure, hence the certificate.

  • ACS Server certificate export

    Hello,
    We are in the process of renewing a certificate for our ACS server (v3.2). Is there a way to export the certificate currently in use?
    We don't want to lose it if we install a certificate that does not work. We are also exploring using a self-signed certificate, but we're not sure if that will meet our needs.
    Thanks!

    Thanks for the info...unfortunately, we tried doing the self-signed certificate, but clients couldn't connect to our wireless network (we use that to authenticate wireless users). We then tried to do a restore from a backup taken earlier this morning and it's still trying to restore - as if something is hung and won't shut down.
    This is ACS 3.2 running on a Windows 2003 server.

  • How to monitor the validity period of a certificate installed on the ACS?

    Hello,
    I have to monitor the validity period of a certificate installed on the ACS with Centreon.
    Can someone help me?
    Thanks,
    Regards,
    Oliver.

    Step 1 In the navigation bar, click System Configuration.
    Step 2 Click ACS Certificate Setup.
    Cisco Secure ACS displays the Installed Certificate Information table on the ACS Certificate Setup page.
    Note If your Cisco Secure ACS has not already been enrolled with a certificate, you do not see the Installed Certificate Information table. Rather, you see the Install new certificate table. If this is the case, you can proceed to Step 5.
    Step 3 Click Enroll New Certificate.
    A confirmation dialog box appears.
    Step 4 To confirm that you intend to enroll a new certificate, click OK.
    The existing Cisco Secure ACS certificate is removed and your CTL configuration is erased.
    Step 5 You can now install the replacement certificate in the same manner as an original certificate. For detailed steps, see Installing a Cisco Secure ACS Server Certificate.
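
A check that Centreon (or any Nagios-compatible poller) can run to watch the validity period asked about above, as an added example that is not part of the original thread. It assumes the ACS certificate is available as a PEM file; the function names, the thresholds and the `acs.example.test` subject are constructed for illustration.

```shell
#!/bin/sh
# Plugin-style certificate expiry check (added example, not from the thread).
# Exit codes follow the Nagios/Centreon plugin convention:
#   0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN.

# cert_state FILE WARN_DAYS CRIT_DAYS
# Prints the state name and returns the matching plugin exit code.
cert_state() {
    cert=$1; warn=$2; crit=$3
    # A missing or unparsable file must never be reported as healthy.
    if ! openssl x509 -in "$cert" -noout >/dev/null 2>&1; then
        echo UNKNOWN; return 3
    fi
    # -checkend N exits non-zero when the certificate expires within N seconds
    # (an already expired certificate also fails this test).
    if ! openssl x509 -in "$cert" -noout -checkend $((crit * 86400)) >/dev/null; then
        echo CRITICAL; return 2
    fi
    if ! openssl x509 -in "$cert" -noout -checkend $((warn * 86400)) >/dev/null; then
        echo WARNING; return 1
    fi
    echo OK; return 0
}

# Constructed sample input: a throwaway self-signed certificate that is
# valid for $1 days, written to $2 (its key goes to $2.key).
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days "$1" \
        -subj "/CN=acs.example.test" -keyout "$2.key" -out "$2" 2>/dev/null
}

# Demo: a certificate with 20 days left, warn at 30 days, critical at 7.
tmp=$(mktemp -d)
make_sample_cert 20 "$tmp/acs.pem"
echo "ACS certificate: $(cert_state "$tmp/acs.pem" 30 7)"
rm -rf "$tmp"
```

Alerting well before expiry matters here because, per the steps above, enrolling a replacement removes the existing certificate and erases the CTL configuration.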

  • SUN Java System Web Server 7.0U1 How to install certificate chain

    I am trying to install a certificate chain using the SUN Java Web Server 7.0U1 HTTPS User interface. What I have tried so far:
    1. Created a single file using vi editor containing the four certificates in the chain by cutting and pasting each certificate (Begin Certificate ... End Certificate) where the top certificate is the server cert (associated with the private key), then the CA that signed the server cert, then the next CA, then the root CA. Call this file cert_chain.pem
    2. Go to Certificates Tab/Server Certificates
    3. Choose Install
    4. Cut and paste contents of cert_chain.pem in the certificate data box.
    5. Assign to httplistener
    6. Nickname for this chain is 'server_cert'
    7. Select httplistener and assign server_cert (for some reason, this is not automatically done after doing step 5).
    8. No errors are received.
    When I display server_cert (by clicking on it), only the first certificate of the chain is displayed and only that cert is provided to the client during the SSL handshake.
    I tried to do the same, except using the Certificate Authority Tab, since this gave the option of designating the certificate as a CA or chain during installation. When I selected "chain," I get the same results when I review the certificate (only the first cert in the file is displayed). This tells me that entering the chain in PEM format is not acceptable. I tried this method since it worked fine with the F5 BIG-IP SSL appliance.
    My question is what format/tool do I need to use to create a certificate chain that the Web Server will accept?

    turrie wrote:
    1. Created a single file using vi editor containing the four certificates in the chain by cutting and pasting each certificate (Begin Certificate ... End Certificate) where the top certificate is the server cert (associated with the private key), then the CA that signed the server cert, then the next CA, then the root CA. Call this file cert_chain.pem

    In my opinion (I may be wrong) cutting and pasting multiple begin/end blocks
    --- BEGIN CERTIFICATE ---
    ... some data....
    --- END CERTIFICATE ---
    --- BEGIN CERTIFICATE ---
    ... some data....
    --- END CERTIFICATE ---
    is NOT the way to create a certificate chain.
    I have installed a certificate chain (it had 1 BEGIN CERTIFICATE and one END CERTIFICATE only and still had 2 certificates) and I used the same steps as you mentioned and it installed both the certificates.
    Some links:
    https://developer.mozilla.org/en/NSS_Certificate_Download_Specification
    https://wiki.mozilla.org/CA:Certificate_Download_Specification

  • How do i install a self signed server certificate

    After using the admin tool to generate a request CSR, how do I sign this myself for testing purposes so I can install it and therefore run using https?
    I have keytool and certutil both available on the system.
    My most recent solution was to cut and paste the request to www.thawte.com/cgi/server/test.exe and it would return a certificate that was good for 21 days. This however is not the solution I am looking for.
    Thanks

    Hi,
    I recently found out a way how to install test or self-signed certificates and use it with S1SE.
    See:
    http://www.gtlib.cc.gatech.edu/pub/linux/docs/HOWTO/other-formats/html_single/SSL-Certificates-HOWTO.html
    Follow the instructions there
    1. Create CA
    2. Create root ca certificate
    Now install the root-ca-certificate in S1SE -> Security>Certificate Management and Install a "Trusted Certificate Authority".
    Paste the contents of the file: cacert.pem into the message-text box.
    Then restart the server. Now your CA-Cert should be visible in the Manage Certificates menu.
    The next step is to send a certificate-request from S1SE to your e-mail-address.
    The contents of the e-mail the server sends to you (certificate request) must be pasted into the file: newreq.pem.
    Now just sign the Request:
    CA.pl -sign
    The last step is that you have to paste the contents of the file newcert.pem into the message-box of the Security>Certificate Management - now under the option Certificate for "This Server".
    Then you have to reboot the server/instance again and it should work with your certificate.
    Regards,
    Dominic
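
The signing sequence from the post above, done directly with `openssl`, as an added example that is not part of the original post. It uses `openssl x509 -req` in place of the `openssl ca` database that `CA.pl` drives; `cacert.pem`, `newreq.pem` and `newcert.pem` are the post's file names, while the key file names, subjects and lifetimes are constructed.

```shell
#!/bin/sh
# The CA.pl steps from the post done with plain openssl (added example).
# cacert.pem, newreq.pem and newcert.pem are the post's file names; key file
# names, subjects and lifetimes are constructed for the example.

# Steps 1-2: create the test CA key and its self-signed root certificate.
make_ca() {        # $1 = working directory
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=Example Test CA" \
        -keyout "$1/cakey.pem" -out "$1/cacert.pem" 2>/dev/null
}

# Stand-in for the request the web server generates and e-mails to you.
make_request() {   # $1 = working directory
    openssl req -new -newkey rsa:2048 -nodes \
        -subj "/CN=www.example.test" \
        -keyout "$1/newkey.pem" -out "$1/newreq.pem" 2>/dev/null
}

# Counterpart of "CA.pl -sign": issue newcert.pem from newreq.pem.
sign_request() {   # $1 = working directory
    openssl x509 -req -in "$1/newreq.pem" -days 30 \
        -CA "$1/cacert.pem" -CAkey "$1/cakey.pem" -CAcreateserial \
        -out "$1/newcert.pem" 2>/dev/null
}

# chain_ok CERT CAFILE: succeeds only if CERT was signed by a CA in CAFILE.
chain_ok() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

work=$(mktemp -d)
make_ca "$work" && make_request "$work" && sign_request "$work"
if chain_ok "$work/newcert.pem" "$work/cacert.pem"; then
    echo "newcert.pem chains to cacert.pem"
fi
rm -rf "$work"
```

`chain_ok` is the same relationship the server checks, which is why the post installs `cacert.pem` as a trusted CA before pasting in `newcert.pem`.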

  • Installing Certificate on SunOneweb6.1 server

    I am trying to install a server certificate but unfortunately I don't see the certificate at the Security tab under Managed Certificates.
    Here is the command that I am running to import the certificate to the
    server instance database:
    pk12util -i www.ggg.com.pk12 -d /opt/iplanet/servers/alias/ -P https-test
    Please advise.
    Thanks in advance.


  • Installed certificate And testing online shows no certificate in the server.

    I just got a new server certificate for some web services of my server 2003, but after installing it I keep getting that there's no certificate in the server with tools like https://www.sslshopper.com/ssl-checker.html and https://www.digicert.com/help/
    My server is: remote.visaustralia.com
    and what I did was the following:
    I imported the certificate in the "certificates" complement of the Management Console. Then in the IIS I selected my default website>Directory Security>Server Communications and added my server certificate.
    I would appreciate any help on this matter.

    Hi,
    This is not a DNS/DHCP/IPAM question, but I will try to help.
    In addition to importing the certificate you must also bind it to port 443.
    https://www.digicert.com/ssl-certificate-installation-microsoft-iis-7.htm
    Thanks
    -Greg

  • :: PEAP Certificate on ACS ::

    Hi all,
    Is it possible to have 2 CA certificates for PEAP in one ACS server? One active only.
    I'm using a test certificate and I want to install the production one. I know that only one should be active, but I'm looking for this to decrease the downtime for users when I change the certificate.

    As far as I know, you cannot have two CA certificates for PEAP in one single ACS server.

  • Installing Cert on ACS Appliance

    I am trying to install a Cert on an ACS Appliance V3.2. I have created the cert using a MS CA on our network but when I try and install it says that the Private Key file cannot be blank. Any help would be appreciated.
    -clyde

    I had the same problem. Cisco's only help was to tell me that ACS Ver 3.2.3 only supported key sizes of 1024 bits minimum (our root CA had a key size of 512).
    I resolved this by uninstalling the ACS then installing the root CA certificate on the server, next I made an enrollment request to the CA for the ACS's own certificate which was subsequently downloaded and installed.
    After re-installing the ACS server, I just selected "use certificate from storage" rather than "use certificate from file"

  • How to register iOS device when using self signed certificate with apple Server?

    Hi,
    I have installed the Server.app by Apple and used a self-signed certificate for my server. Now I want to register my different devices (iMac, iPhone etc.). I could register the iMac without problems (I just had to add my self-signed certificate to the trusted certificates).
    Sadly, with the iPhone it is not that easy. I can install the "trust profile", but still after that I cannot register my device. It seems like it does not accept my self-signed certificate for device registration. When adding a registration profile, I get the error "www._mydomain_.tld/devicemanagement/api/device/auto_join_ota_service" is not valid.
    Nevertheless, I can install a profile with settings, e.g. my IMAP settings, via the profile management without problems.
    Does anyone have an idea how to get around the problem with the self signed certificate?
    Best regards

    Try deleting the Server.app and download it again from the App Store, restart.
    My Server is also using self signed certificates and is working with iOS device (Trust Profile needed first).
