Monday, October 24, 2016

Cisco ACS local-server

With the Cisco ACS appliance, the local certificate is issued with a 1-year lifetime. If it should expire, you can easily generate a new self-signed certificate or a CSR.

The steps are very simple, under:


System Administration > Configuration > Local Server Certificates




1: Select the certificate type with the correct CN/lifetime


2: Ensure you set the new certificate to be used for EAP and the web GUI


3: Issue an acs stop and an acs restart after deleting the pre-existing local-server-certificate


4: Confirm the new certificate is indeed being used;

e.g.

mac-1093e90f35a4:~ kfelix$ gnutls-cli 10.50.2.241 | grep expires
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.
 - subject `CN=WTW1INFPVTAC001', issuer `CN=WTW1INFPVTAC001', RSA key 2048 bits, signed using RSA-SHA256, activated `2016-10-11 19:02:25 UTC', expires `2019-10-11 19:02:25 UTC', SHA-1 fingerprint `5a6018dbf4ae42b22e99b449aa539e767d8af6eb'
mac-1093e90f35a4:~ kfelix$
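
Added example, not part of the original post: a Python check that parses the certificate summary line printed by gnutls-cli (copied from the output above) and reports whether the served certificate is self-signed, currently valid, and different from the one that was deleted. The function names and the `old_fingerprint` and `warn_days` parameters are assumptions made for this example.

```python
import re
from datetime import datetime, timezone

# Certificate summary line copied from the gnutls-cli output in the post.
SAMPLE = (
    " - subject `CN=WTW1INFPVTAC001', issuer `CN=WTW1INFPVTAC001', "
    "RSA key 2048 bits, signed using RSA-SHA256, "
    "activated `2016-10-11 19:02:25 UTC', expires `2019-10-11 19:02:25 UTC', "
    "SHA-1 fingerprint `5a6018dbf4ae42b22e99b449aa539e767d8af6eb'"
)

# gnutls-cli wraps each value in a backtick and a closing single quote.
FIELD = re.compile(r"(subject|issuer|activated|expires|SHA-1 fingerprint) `([^']*)'")
REQUIRED = {"subject", "issuer", "activated", "expires", "SHA-1 fingerprint"}


def parse_cert_line(line):
    """Return the quoted fields of one gnutls-cli certificate summary line."""
    fields = dict(FIELD.findall(line))
    missing = REQUIRED - fields.keys()
    if missing:
        raise ValueError(f"not a certificate line, missing {sorted(missing)}")
    return fields


def _utc(stamp):
    parsed = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S UTC")
    return parsed.replace(tzinfo=timezone.utc)


def check_cert(line, now, old_fingerprint=None, warn_days=30):
    """Summarise the served certificate; old_fingerprint and warn_days are
    hypothetical inputs for this example (the post does not give them)."""
    f = parse_cert_line(line)
    start, end = _utc(f["activated"]), _utc(f["expires"])
    days_left = (end - now).days
    fingerprint = f["SHA-1 fingerprint"].lower()
    return {
        "self_signed": f["subject"] == f["issuer"],  # untrusted by default clients
        "valid_now": start <= now <= end,
        "days_left": days_left,
        "renew_soon": days_left < warn_days,
        # None means no old fingerprint was supplied, so nothing to compare.
        "replaced": None if old_fingerprint is None
        else fingerprint != old_fingerprint.lower(),
    }


if __name__ == "__main__":
    print(check_cert(SAMPLE, datetime.now(timezone.utc)))
```

The handshake error in the output above is what gnutls-cli reports when it cannot validate the certificate, which is expected for a self-signed certificate the client does not trust; the summary line is still printed and can be checked this way.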




Ken Felix

NSE (network security expert) and Route/Switching Engineer
kfelix  -----a----t---- socpuppets ---dot---com

     ^      ^
=(  @  @ )=
         o 

        /  \
