Educause Security Discussion mailing list archives

Re: Cisco ACS 3.3 Certificate Configuration


From: "Truong, Joseph" <Joseph.Truong () UCSFMEDCTR ORG>
Date: Wed, 17 Mar 2010 11:26:32 -0700

Andrew,

You will need 2 CSRs, and install individually on each of the servers. You also need to have the individual name of 
each server for the certificate signing request to submit to the certificate authority.


Joseph Truong
Senior Network Engineer & Security Analyst
UCSF Medical Center
Enterprise Information Technology Services
Tel: 415-353-4599 Office
Tel: 415-717-4846 Cell
Email: Joseph.truong () ucsfmedctr org



From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Andrew Davis
Sent: Wednesday, March 17, 2010 9:06 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Cisco ACS 3.3 Certificate Configuration

Hello,

I am moving away from using a self-signed certificate to getting a cert cut from a trusted root CA.

My question is this - I have 2 ACS appliances (ver 3.3) that I have set up as a primary and secondary authenticator for 
our PEAP wireless clients. I have replication functioning between the 2 ACS appliances.
I want to generate a CSR and install a certificate on each of the ACS appliances.
Can I use the same certificate on both ACS appliances and just list both hostnames in the SAN field, or will I need a 
unique certificate for each appliance?

In looking over the ACS documentation on generating a certificate signing request - I do not see 'SAN' listed as a 
valid field in the Certificate Subject - so I may have answered my own question.
Any thoughts on using the same certificate on both ACS servers, or am I stuck generating 2 CSRs and installing 2 
separate certificates?

Thanks!

Andrew Davis, CCNA
Network Support
Riverside Community College
