With the cisco ACS appliance the local certificate is issued at 1year. If it should expire you can easily craft a new certificate that's self-signed or a CSR.
The steps are very simple under ;
System Administration > Configuration> Local Server Certificates
1: Select the certificate type with the correct CN/lifetime
2: ensure you set the new certificate to be use for EAP and webGui
3: issue a acs stop and a acs restart after deleting the pre-existing local-server-certificate
4: confirm the new certificate is indeed being used;
e.g
mac-1093e90f35a4:~ kfelix$ gnutls-cli 10.50.2.241 | grep expires
*** Fatal error: Error in the certificate.
*** Handshake has failed
GnuTLS error: Error in the certificate.
- subject `CN=WTW1INFPVTAC001', issuer `CN=WTW1INFPVTAC001', RSA key 2048 bits, signed using RSA-SHA256, activated `2016-10-11 19:02:25 UTC', expires `2019-10-11 19:02:25 UTC', SHA-1 fingerprint `5a6018dbf4ae42b22e99b449aa539e767d8af6eb'
mac-1093e90f35a4:~ kfelix$
Ken Felix
NSE ( network security expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
^ ^
=( @ @ )=
o
/ \
No comments:
Post a Comment