Educause Security Discussion mailing list archives

Cisco ACS 3.3 Certificate Configuration

From: Andrew Davis <Andrew.Davis () RCC EDU>
Date: Wed, 17 Mar 2010 09:06:00 -0700

Hello,

I am moving away from using a self-signed certificate to getting a cert cut from a trusted root CA.

My question is this - I have 2 ACS appliances (ver 3.3) that I have set up as a primary and secondary authenticator for 
our PEAP wireless clients. I have replication functioning between the 2 ACS appliances.
I want to generate a CSR and install a certificate on each of the ACS appliances.
Can I use the same certificate on both ACS appliances and just list both hostnames in the SAN field, or will I need a 
unique certificate for each appliance?

In looking over the ACS documentation on generating a certificate signing request - I do not see 'SAN' listed as a 
valid field in the Certificate Subject - so I may have answered my own question.
Any thoughts on using the same certificate on both ACS servers, or am I stuck generating 2 CSRs and installing 2 
separate certificates?

Thanks!

Andrew Davis, CCNA
Network Support
Riverside Community College

Current thread:

Cisco ACS 3.3 Certificate Configuration Andrew Davis (Mar 17)
- <Possible follow-ups>
- Re: Cisco ACS 3.3 Certificate Configuration Truong, Joseph (Mar 17)
- Re: Cisco ACS 3.3 Certificate Configuration Todd Gould (Mar 17)