Solved

ACS 5.4 Wildcard SSL Certificate

Posted on 2014-11-02
3
359 Views
Last Modified: 2014-11-17
Hi experts,

I have a Wildcard SSL Certificate, I also have the files .pem, .key and the .cert.  I install the .key file on the Local Certificates TAB but according to several articles that I google I should export the created cert and send it to the CERTIFICATE AUTHORITY. Will this be the process?
Please advise
0
Comment
Question by:chenzovicc
3 Comments
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40418822
you are not given the subordinate certificate authorization from the issuing site.  If you look at your certificate you will see what roles it is valid for. i.e. Server encryption, Client Encryption, identify machine, you will not see issue certificates, so adding it to your certificate authority is a waste of time.
0
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 40418897
First most, you should be more of either using internal CA (which I suspect you do not have) or external trusted CA to generate the SSL server cert required for ACS appliance. All these will requires the generation of cert service request (CSR) so that CA can issued the cert for subsequent importing.

Apparently, you may be using self signed (you can check based on your cert whether which is the CA stated it  likely the device itself (assuming that you generate that cert from the equipment). Note there is no sharing of your private key to CA and should not be happening except for those originally CA issued - not the other way round. Same applies for renewal CSR..

Can reference below for more details on the ACS steps
 - (example of using external CA) https://www.sslshopper.com/cisco-secure-acs-ssl-installation-instructions.html
 - (example of using internal CA in pdf but may be old) http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-server-solution-engine/49941-config-acs-sol-eng.html

Side note - SSL Wildcard Certificates won't work for multiple levels. This means that an SSL Certificate Wildcard for *.mydomain.com won't work on www.mail.mydomain.com
0
 

Author Closing Comment

by:chenzovicc
ID: 40449047
Thanks for your help
0

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you are looking at this article, you have most likely been hit by some version of ransomware and are trying to find out if there is anything you can do, or what way you should react - READ ON!
Many businesses neglect disaster recovery and treat it as an after-thought. I can tell you first hand that data will be lost, hard drives die, servers will be hacked, and careless (or malicious) employees can ruin your data.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question