Cisco AAA/Identity/Nac :: Cannot Import Certificate To CSACS SE 4.2

Mar 2, 2009

I cannot import certificate from CA (Certificate Authority). When I attempt to install the certificate to CSACS SE 4.2, the following error occurs during installation: "Unsupported private key file format".

View 7 Replies


ADVERTISEMENT

Cisco VPN :: How To Import SSL Certificate To ASA 5510

Jun 3, 2012

Do you know the procedure of import SSL certificate from Godaddy to ASA 5510? attached is the drop-down list that I have to choose from.

View 5 Replies View Related

Cisco VPN :: 871 - Import A Self Signed Certificate

Sep 27, 2012

Can I import a self signed certificate from a Cisco 871 router to a Cisco ASA 5505? The 5505 replaced the 871 and I have a VPN that goes to another company that we have a connect to. The device on the other end is a VPN concentrator ( I do not have access to modify this device without going through multiple channels.) I only need to mimic this device for the site to site VPN tunnel only. It appears that there are no pre-shared keys only a self signed certificate.         

View 1 Replies View Related

Cisco :: Import Certificate Failed For 7925

Jul 24, 2011

I'm currently in the process of the setting up  a new wireless network and I want to test out our 7925 phones on it.  When I try uploading the certificate to the phone it fails and I find the following error in the trace logs
 
[code]...
 
I created this certificate using using Windows Server 2003 and it is 2048 bits.  This certificate works fine with my laptop but I'm unable to upload it to the phone.  The app load currently on the phone is CP7925-MFG-D.8.LOADS.  Are there any specific guidelines out there when creating a certificate for a Cisco 7925 phone?

View 2 Replies View Related

Cisco Switches :: SPS2024 And SSL Certificate Import?

Feb 29, 2012

I am trying to import a SSL certificate into this device -  Cisco SPS2024 (FW: 1.0.6 ( date  30-Aug-2011 time  15:45:47 )) but without sucess. I have allready did this task on another models through CLI (Cisco SRW224G4 - through the lcli) or on Cisco SG300. I can create certificate request with:
 
switch(config)#crypto certificate 1 generate key-generate
switch#crypto certificate 1 request cn "sw.localdomain" or "..." ou "..." loc "..." st "..." cu "..."
 
and that last command  gives me plaintext certification request that I will sign with my certification authority. to this time, everything is clear and perfect.
 
And now, I have signed certificate according generated certificate request and I want to import it. And now I am in stuck, because I have not found any useful command to do this action. For import certificate, I have found only following command:
 
switch# crypto certificate 1 import pkcs12 WORD
 
also I dont exactly understand this command because there is no parameter to specify any url from which will be fetched pkcs12 certificate... just WORD parameter as the pkcs12 passphrase. nothing like as on another switch models on which there is following command:
 
switch2(config)# crypto certificate 1 import <CR>
 
after executing the command line will waiting for pasting the signed certificate to console. And on SPS2024 there is no any similar command to doing this. So in final, I cannot import certificate signed by my certificate authority, I can just generate self signed certificate directly on device and use only this one

View 2 Replies View Related

Cisco Application :: Certificate Import From Exchange To ACE 4700

Dec 8, 2011

I am tasked to Configure an ACE 4700 for SLB. This has been done and working. Am also further tasked to create a secure communication between tha ACE and Exchange server. I need the breakdown of steps required to Import certificate from the exchange server, and how to verify that things are working.

View 3 Replies View Related

Cisco Application :: ACE 4710 (1) SSL Certificate Import ( 2 ) With Load Balancing?

Dec 3, 2012

I am performing a deployment, in which i require clarity on the following. Our setup has DC and DR , in each site we have two devices for HA.We have received One SSL Certificate from Public CA, Kindly clarify the following doubts i have on thisIn Doc, i found Cert.pem and key.pem is required to generate the pair ,do i receive both Cert.pem and key.pem from the CA or we can generate key.pem from Cert.pem ?SSL Offloading is planned for the X application, and it is running in both DC and DR ( Considering each having their own Public IP address ) , do i need to have two different public certificates or a single certificate can i use in both DC and DR.Load Balancing IssueIs it possible to configure in ACE to access the service in Business hours and in non Business hours to display HTML page showing this is available only during these hours ?In DC we have Three Web Servers ( only in One physical server the service is active, other two are backup ), and these three servers are under cluster and shares one cluster IP , In ACE we have created the VIP and Pointed to only Cluster IP ( like pass through only ). The issue we face is if active web server is down, even then ACE is sending the traffic to that webserver only instead of sending it to the new Active web server. let us know if any solution is there to overcome this issue ?as per my understanding instead of giving cluster IP as real server IP we can issue the three physical servers. now i dont require load balancing between three servers instead require failover king like if first server is down then it should forward to Second server ?

View 4 Replies View Related

Cisco AAA/Identity/Nac :: CSACS-1121-K9 - Dual NIC

Aug 11, 2011

Is it possible to have Dual NIC on ACS v5.2 such as teaming or any else??
 
I am thinking of connecting the two NIC on the CSACS-1121-K9 appliance to two switches on the same network, but wondering if it will be possible or not.

View 1 Replies View Related

AAA/Identity/Nac :: CSACS-1120 - How To Export License From ACS

Jul 22, 2012

I have an ACS applicance that had a version 5.1 and i did an upgrade to 5.3 with latest patch.For some reason, the runtime process got stuck in (reinitializing and restarting) state.i did the recommended action to perform ACS stop and ACS start and even hard reset of the appliance, but it did not cut itThis process turned out to be a bug and it should have been fixed in version 5.3, but it has not i guess
 
i know that acs reset-config will solve the issue, but i have a problem here , the license file will be deleted as well with the config and i cannot find a way to export the license and then import it into the reseted config ACS hardware. Unfortunately, the license file is not saved anywhere in the company and i cannot affort to lose it.how to export the license from the applicance (CSACS-1120)?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: CSACS-3415 ACS 5.4 NIC Bonding / Teaming?

May 7, 2013

Does the new UCS hardware change anything ?Can we bundle 2 NICs somehow to get interface redundancy ?If still not possible to configure that in ACS 5 itself:Can it enentually be done on the "hardware" level within the appliance firmware (UCS BIOS)  ?(RHEL would provide NIC bonding,,, unfortunately its not accessable from ACS5 CLI)

View 6 Replies View Related

Cisco AAA/Identity/Nac :: %ASA-3-717009 / Certificate Validation Failed / Certificate Date Is Out-of-range

Jan 30, 2012

There is ASA with remote access VPN and users are authenticated using third party signed certificates (CA is not local in ASA).When user certificate expires i can see it in syslog messages. For example:
 
     %ASA-3-717009: Certificate validation failed. Certificate date is out-of-range, serial number: (...)
 
I would like to know if there is an opportunity to view user's certificate expiry date beforehand, say, 3 days before?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: Upgrade CSACS-1121 From ACS 5.2 To 5.4 - Application Initializing?

May 29, 2013

We upgraded a CSACS-1121 from ACS 5.2 to ACS 5.4 with CLI Application upgrade ACS_5.4.0.46.0a.tar.gz FTP After ACS reboot, services never start... After 15 hours, we always get same message:
 
ACS/admin# show application status acs
Application initializing...
Status is not yet available.
Please check again in a minute.
 
We installed patch 5-4-0-46-2.tar.gpg but we got same issue for 2 hours ...What could I do?

View 4 Replies View Related

Cisco AAA/Identity/Nac :: CSACS-1120 To Active Directory Without Success

Apr 18, 2011

I'm trying to join a band new CSACS-1120 to our active directory without success. The process in it self should be pretty straigh forward, but so far no luck.
 
I've configured the relevant info under "Users and Identity Stores > External Identity Stores > Active Directory.
 
Active Directory Domain Name: xxx.com
Username/Password : domain administrator account
 
When I test connection I get a info dialog "This machine is currently connected to domain xxx.com".After which I try to save changes which gives a reply ""This System Failure occurred: {0}. Your changes have not been saved. Click OK to return to the list page."
 
I've noticed that in the system log "show logging system tail" that I get a exception as soon as I enter the AD configuration page and subsequently every time I perform a action on that section.
 
Why the AD join keeps on failing and what the debug exception I'm getting means?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS Memory Utilization Limit With CSACS 1121

Aug 21, 2012

We have 2 CSACS 1121 with Cisco ACS 5.2.0.26.10 The primary server manages 20000+ authentications per day. Its memory utilization increases everyday. It is now at 83% , there a limit?,What will happen when memory utilization reach this limit?,What can we do to purge memory utilization? (reboot, service restart.

View 11 Replies View Related

Cisco AAA/Identity/Nac :: ISE 1.1.1 Don't Have Certificate Authority Certificate Anymore?

Oct 19, 2012

i am working on ISE 1.1.1, surprisingly i couldn't found certificate authority certifiate at certificate operation anymore.
 
would it be the change on GUI? So now where i can import the CA certificate to ISE?

View 5 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 Csv Import Fails

Dec 6, 2010

I'm trying the csv file import and getting some errors.
 
010-12-07 14:23:47: File Format Validation Completed2010-12-07 14:23:47: Import Started

2010-12-07 14:23:47: Record number: 1, Host 01-02-03-04-05-06: Import Failed2010-12-07 14:23:47: null Import process failed for unexpected reason: Unknown error has accurred.2010-12-07 14:23:47: Import Completed With errors

-------- Summary --------Total Number of Records Processed:1Number of Records Failed:1Number of Records Imported:1---------- End ----------Please refresh the table to see the changes.
 
On some other tries I get null field or missing fields.
 
It actually creates the host, but on editing it I get the following message:
 
An unexpected error has occurred. To continue your work, reselect the option in the left navigation bar.If you continue to receive the unexpected error message, close your browser and log in to ACS again.If you still receive the unexpected error message, contact your system administrator or technical assistance.
 
MACAddress:String(64):Required,description:String(1024),"enabled:Boolean(true,false):Required",HostIdentityGroup:String(256),VLAN:String(256):Required,attr-Expiration Date:Date(yyyy-Mmm-dd)01-02-03-04-05-06,AAATest,true,,Guest,2010-Dec-08

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS V5.2 - Any Limitations On Import Users

Mar 21, 2012

on ACSv5.2...are there any limitations on the number of users that can be imported via CSV file...i.e. will the ACS handle 250,000 internal users for example?

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Import Server Certificates On ACS 5.2

Jan 10, 2012

When I tried to import the file, there are two lines there, One is Certificate file, the other is for "Private Key File".
 
My question for you is, is this the private key of CA? My understanding has always been that the private key stays in CA only, not going to any other devices.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: Trying To Import VSAs Into ACS 1113 4.2

Mar 27, 2013

I have some VSAs to import into my 1113 box, but I am stuck before I can even start :-( I have an accountActions.csv file containing some VSAs (this is just a test csv file.) I also have an FTP server that is accessible from the 1113 system.
 
When at the GUI for the 1113 I do System Configuration --> RDBMS Synchronization I get the RDBSM Synchronization Setup screen all right. I have entered all the parameters associated with the FTP server, and selected manual synchronization. The problem is that there are no entries in the AAA Servers window at the Synchronization Partners section at the bottom, and therefore I can't get the 1113 to retrieve my accountActions.csv file, an action that (I guess) is triggered by clicking on the Synchronize Now button.
 
I do have an AAA Server defined in the 1113. It's a RADIUS server called Self, not assigned to any NDG.I guess I do not understand this at all. I just want to import some external VSAs. Do I need to have an external AAA server to accomplish this? If not, how do I get my local Self server to appear in the list of synchronization partners?

View 1 Replies View Related

AAA/Identity/Nac :: ACS 5.2 Import Internal Hosts?

May 17, 2011

Trying to use the "File Operations" option to import hosts into ACS.  I go through the wizard and click "Finish", the pop up goes blank and just hangs there.  No errors are generated. 

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.3 Unable To Properly Import IP Ranges

Apr 17, 2013

I have multiple AAA Clients that I need to add. The way I manage the clients, I often make changes of moving IPs from one group to another. I require that all clients use "IP Ranges". I try import the following IPs (8.8.8.1;8.8.8.3;8.8.8.9-10;8.8.8.25) I need them all to be ranges, but what happens is after I import it, I then go to that AAA Client, it makes them all "IP Range(s) By Mask" and siplays it like this.

View 4 Replies View Related

AAA/Identity/Nac :: ACS 5.4 Import Users With Expiration Date Field?

Apr 7, 2013

between fields in import template file (add or update) for internal users is no column for expiration date ([URL]). This field is not defined also for export file.
 
My question is: (How) is it possible import new users (or update existing) into internal db with expiration date field?

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 Import Template Gives File Format Validation Failed

Sep 21, 2011

Network Resources - Network Devices and AAA Clients- File Operations - Add - gives me File Format Validation Faliled. I am carefull to leave the header as it is. The header in the Import Template looks faulty, see attached. When exporting devices I also get the same header as attached. I also tried to change the header so its all in one column, but with same result.

View 1 Replies View Related

AAA/Identity/Nac :: CSACS-1121-UP-K9 - Possible To Upgrade It Being Non Upgrade Part

Sep 10, 2012

Is it possible to upgrade the CSACS-1121-UP-K9 to be a non upgrade part? We were going to upgrade from a Windows 4.x to the above Appliance (version 5.x) but there is now a reason to keep the old Windows version running therefore we cannot give the new Appliance the old ACS's licenses?!So we should have (with hindsight) bought a fresh version of the ACS 5.x rather than an upgrade.

View 1 Replies View Related

Cisco AAA/Identity/Nac :: Getting Certificate Installed - ACS 5.2

Jun 14, 2011

Currently I'm using a self signed cert issued by ACS. We are having an issue where occasionally we see in our Windows 7 logs that Windows did not like the self signed cert from ACS when doing dot1x authentication for our Windows 7 clients. We are using the built in dot1x client that comes with Windows and have the "Validate Server Certificate" unchecked but still see this error occasionally. I've tried issuing a CSR from the ACS server and going to Thwate and getting a test cert but everytime I paste the CSR into the field at Thwate I get an error about invalid cert type. You have to choose from a list of server types. I've tried several different ones. I've also tried issuing the request from a WIndows server and when I try and import the files I get a invalid key error. How to get certificate working from Thwate or Verisign?

View 6 Replies View Related

Cisco AAA/Identity/Nac :: ACS Server Certificate From 3.3 To 4.2?

Mar 2, 2011

We have enabled EAP-TLS authentication for our wireless LAN end user in our network setup , And we have defined certificate on our old acs server 3.3  from a third party  CA . I want to use the same certifcate which is being used in 3.3 ,how i can copy that certficate from 3.3 and get it installed on new acs 4.2 .

View 7 Replies View Related

Cisco AAA/Identity/Nac :: ISE And SHA256 Getting Many Certificate Errors

Mar 1, 2012

I got many certificates errors. When ISE Server tried to retrieve CRL: CRL verification failed - possibly signed by wrong or unknown CA,When client tried to connect using EAP-TLS: X509 decrypt error - certificate signature failure.

View 2 Replies View Related

Cisco AAA/Identity/Nac :: How To Remove ACS 5.2 Local Certificate

Nov 7, 2011

Been tinkering around in our ACS 5.2 appliances today to setup PEAP. I generated a self signed certificate under local certificates which I want to remove now. But when I try to delete it I get the following message:
 
This System Failure occurred: Certificate is associated with a protocol. Hence it cannot be deleted.. Your changes have not been save. Click OK to return to the list page.
 
I assume this is because it is associated with the EAP protocol, but I cannot uncheck the box when I edit the local certificate. How can I get rid of this test certificate?

View 2 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.1 802.1x EAP-TLS Machine Certificate Authentication

Jul 11, 2011

Looking for the steps to configure wired clients using certificate authentication only

- i.e., once a certificate is presented to the ACS that is issued by a trusted CA, the connection is permitted. 
 
No need to tell me about switch configuration.

View 3 Replies View Related

AAA/Identity/Nac :: ACS 5.2 Machine Certificate Authentication

May 23, 2011

Is there a way to authenticate a windows computer in ACS 5.2 for 802.1x only with a certificate.The Computer is from a different active directory than the one that is configured in ACS.I tried importing the cert into "external indentity Stores" > "certificate authorities", then setup the computer to use smart card or certificate, then selected the certificate from the other AD.when i look at the ACS log, here is the message i can see: 22044 Identity policy result is configured for certificate based authentication methods but received password based

View 1 Replies View Related

AAA/Identity/Nac :: Cisco ISE 1.1.1 Is Given Certificate Error While Trying To Access Any Of Nodes

Nov 9, 2012

Cisco ISE 1.1.1 is given Certificate error while trying to access any of nodes. It is started after adding other nodes in to primary node. Accessing by IP's redirect to other nodes suppose if we accessing primary admin node by IP, it redirect to other nodes (secondary nodes or other nodes).

View 3 Replies View Related

Cisco AAA/Identity/Nac :: ACS 4.2 Certificate Based Authentication And Windows 7

Jan 9, 2012

We use a combination of Cisco ACS and Cisco catalyst 3560 switches for network authentication and authorization. Clients (Windows XP) have a certificate installed which will grand access to the network and put them in the correct VLAN. So far, so good. Some users are testing with Windows 7 in the same set-up as above and run into strange behaviour. The problem is that after a random timer the machine gets de-authenticated and nothing besides a reboot works to get the computer authenticated again (from a Windows point of view). It looks like this only happens to users who are using a certificate to authenticate, Windows 7 MAC bypass users have no such problems. If it occurs, the following logging appears in ACS: [code] We are using ACS 4.2(0) Build 124 and 3560-48PS switches with IOS 12.2(55).

View 4 Replies View Related

Cisco AAA/Identity/Nac :: ACS 5.2 EAP-TLS Binary Certificate Comparison Via LDAP

Feb 9, 2012

i have a wireless deplyoment with WLC 5508, ACS 5.2 and several AD connected by LDAP. It is required that users are authenticated by certificates additional the user should only get access to the wireless environment when the user is found in a certain security group in the Microsoft AD forrest. The certificate based authentication is working without any problems, except the lookup into the AD isn't working. Here are the Details of the "Evaluting Identity Policy"

Evaluating Identity Policy
15004  Matched rule
22037  Authentication Passed
22023  Proceed to attribute retrieval
24031  Sending request to primary LDAP server
24016  Looking up user in LDAP Server - Alex Dersch
24008  User not found in LDAP Server
22015  Identity sequence continues to the next IDStore
24209  Looking up Host in Internal Hosts IDStore - Alex Dersch
24217  The host is not found in the internal hosts identity store.
22016  Identity sequence completed iterating the IDStores
 
but the user can access the WLAN just without verifying the user in the AD.
i tried the to enable Binary Comparisation but then the Authentication is not working any more. I get the same Identity Policy result as above.
 
i configured the Binary Comparisation as below:
 
I though with the binary comparisation i'll be able to verify the existance and the status of an user in the Active Directory.

View 1 Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved