Educause Security Discussion mailing list archives

Re: Cisco ACS 3.3 Certificate Configuration


From: Todd Gould <Todd.M.Gould () WILLIAMS EDU>
Date: Wed, 17 Mar 2010 21:40:03 -0400

Hi Andrew,

Your environment is somewhat similar to what I set up here at Williams
College. I took my primary physical ACS (4.2), and created a virtual
from it, set up database replication, etc. I specifically tested to see
how the virtual would offer up the server certificate to the client, and
was pleasantly surprised to see that it presented as my primary physical
ACS. No need to purchase yet another cert from a trusted source. It
blows me away that it could work this way, but it does. If you need any
additional information, please feel free to contact me.

Todd

--
Todd M.Gould
Networks & Systems Administrator
Office for Information Technology
Williams College

todd.m.gould () williams edu
Phone: 413-597-3407
Mobile: 413-281-0226
Fax: 413-597-4276
IM: AOL/Skype todd8895gould


Williams College
22 Lab Campus Drive
Williamstown, MA 01267



http://oit.williams.edu/



Andrew Davis wrote:

Hello,

I am moving away from using a self-signed certificate to getting a
cert cut from a trusted root CA.

My question is this – I have 2 ACS appliances (ver 3.3) that I have
set up as a primary and secondary authenticator for our PEAP wireless
clients. I have replication functioning between the 2 ACS appliances.

I want to generate a CSR and install a certificate on each of the ACS
appliances.

Can I use the same certificate on both ACS appliances and just list
both hostnames in the SAN field, or will I need a unique certificate
for each appliance?

In looking over the ACS documentation on generating a certificate
signing request – I do not see ‘SAN’ listed as a valid field in the
Certificate Subject – so I may have answered my own question.

Any thoughts on using the same certificate on both ACS servers, or am
I stuck generating 2 CSRs and installing 2 separate certificates?

Thanks!

Andrew Davis, CCNA

Network Support

Riverside Community College

