Link to home
Start Free TrialLog in
Avatar of amigan_99
amigan_99Flag for United States of America

asked on

Cisco ACS second root certificate

I asked a related question earlier - but as I'm about to deploy I noticed a detail. If the current root CA has " Trust for client with EAP-TLS" checked If I add the second root CA and intermediary cert - should I also have " Trust for client with EAP-TLS"  checked on the new certificates? Or does that need to only be checked in one place or another?



The earlier Q: My security group asked me to add root and intermediate certs to Cisco ACS so we can use that for wifi EAP TLS. Where I'm getting logged down is that I see two different places for adding certs.

1) Users and ID Stores/Ex ID Stores/Certificate Authorities. There is currently an internal root cert there. But I don't see an intermediate issuing cert.

2) Sys Admin/Configuration/Local Certs.

Do I just add the root cert and intermediate cert to the first location? Anything I need to do with Local Certs? Any CSRs that need to be generated and fulfilled?
ASKER CERTIFIED SOLUTION
Avatar of Craig Beck
Craig Beck
Flag of United Kingdom of Great Britain and Northern Ireland image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of amigan_99

ASKER

Thanks Craig. I'll put it in tonight and let you know. Say - you had mentioned that you also need to do a local CSR. Is it the case that EAP TLS will not work if you fail to do that step as well? Or is that just for say managing the ACS etc?
It all went in OK and nothing broke! Thanks so much Craig.