Educause Security Discussion mailing list archives
Re: Cisco ACS 3.3 Certificate Configuration
From: Todd Gould <Todd.M.Gould () WILLIAMS EDU>
Date: Wed, 17 Mar 2010 21:40:03 -0400
Hi Andrew, Your environment is somewhat similar to what I set up here at Williams College. I took my primary physical ACS (4.2), and created a virtual from it, set up database replication, etc. I specifically tested to see how the virtual would offer up the server certificate to the client, and was pleasantly surprised to see that it presented as my primary physical ACS. No need to purchase yet another cert from a trusted source. It blows me away that it could work this, but it does. If you need any additional information, please feel free to contact me. Todd -- Todd M.Gould Networks & Systems Administrator Office for Information Technology Williams College todd.m.gould () williams edu Phone: 413-597-3407 Mobile: 413-281-0226 Fax: 413-597-4276 IM: AOL/Skype todd8895gould Williams College 22 Lab Campus Drive Williamstown, MA 01267 http://oit.williams.edu/ Think before you print. Andrew Davis wrote:
Hello, I am moving away from using a self-signed certificate to getting a cert cut from a trusted root CA. My question is this – I have 2 ACS appliances (ver 3.3) that I have set up as a primary and secondary authenticator for our PEAP wireless clients. I have replication functioning between the 2 ACS appliances. I want to generate a CSR and install a certificate on each of the ACS appliances. Can I use the same certificate on both ACS appliances and just list both hostnames in the SAN field, or will I need a unique certificate for each appliance? In looking over the ACS documentation on generating a certificate signing request – I do not see ‘SAN’ listed as a valid field in the Certificate Subject – so I may have answered my own question. Any thoughts on using the same certificate on both ACS servers, or am I stuck generating 2 CSRs and installing 2 separate certificates? Thanks! Andrew Davis, CCNA Network Support Riverside Community College
Current thread:
- Cisco ACS 3.3 Certificate Configuration Andrew Davis (Mar 17)
- <Possible follow-ups>
- Re: Cisco ACS 3.3 Certificate Configuration Truong, Joseph (Mar 17)
- Re: Cisco ACS 3.3 Certificate Configuration Todd Gould (Mar 17)