Recovery of certificates of the ACS

Similar Questions

• change the IP address of the ACS

  Hello guys,.

  I will be soon changed the IP address of my ACS server because I will move it to a new VIRTUAL LAN. the ACS is also integrated with Microsoft Active Directory users for authentication to the wireless lan users.

  My main concern is that if I change the IP address of the ACS, I have to do something on the Active Directory Server? I have to all certificate related issues? GBA I am running is version 5-1-0-44-6.

  all opinions are very welcome and appreciated.

  Hello

  change the IP will not affect the certificate of the ACS, or join the domain,
  in the worst scenarios, where you face the problem of having to return to the field "can be secondary domain question or problem to clock" you can simply remove the entry of the machine on the side of the field and re - join the domain "I hope that you won't have to do", but even if you need it won't take more than a few minutes.

  see you soon,

  Mohammad,

• CURRENT password for the recovery of the ACS 4.1

  Hi all

  I need to set up a new self ACS, model 1113, but has a problem in the configuration of the correct ip address in the first attempt. I tried to use the command set ip to change, but it did not work. Then I run the installation program again by restarting the machine and pressing the F2 key. But I was asked to provide the CURRENT password, which was not the administrator password. Any idea about it? I did the recovery in version 4.0 before but didn't need any password!

  GBA version 4.1. Thanks in advance!

  Anthony

  Hi,.

  To solve this static ip address problem, we need to apply a patch on the GBA unit. Please download the patch at this link,

  http://www.Cisco.com/cgi-bin/tablebuild.pl/ACS-Soleng-3DES

  Patch file name: applACS - 4.1 - set - ip -CSCsm73656- patch_to_603_r40_lc.zip*

  The default username and password is Admin and Setup. If this has already been used, you will need to use the recovery CD to set the user name and password again.

  One of the options when booting from the CD of restoration is to reset the password.

  Kind regards

  ~ JG

  Note the useful messages

• 4.2 of the ACS and auth with certificate 802.1 x

  Hi all

  I have geerated new certificate and installed on my ACS 4.2, it's only auto generated the certificate by the Association. Now, the end user cannot authenticate automatically.

  If I mnually install this certificate on the computer of the end user, then the end user is able to authenticate.

  Is it possible to authenticate the end user automatically?

  Oh, I'm sorry...

  Here are the comments;

  1.] you must uncheck "Validate server certificate" on the client side, this way, you don't need to install the certificate on the computers of end users.

  2. uncheck the option 'Automatically use my windows password and domain name user name' by these users windows credentials will be saved and the client will be connected whenever you log on to the windows machine.

  HTH

  Rgds, jousset

  Note the useful posts ~

• The ACS certificate

  Hello

  I used the ACS SE 4.1 to generate a certificate to be used for PEAP authentication.when I generate the certificate "To generate a self-signed certificate", it has a validity of one year.

  How can I specify the validity of 3 years or more. ?

  Thank you

  Self signed certificates have a default period of 1 year and can not be changed. There are various links on Cisco.com indicating one of them is for the point.

  http://www.Cisco.com/en/us/products/sw/secursw/ps2086/products_configuration_example09186a0080545a29.shtml

  Concerning

  Maury

  The rate of useful messages.

• The ACS kernel panic

  I have a Cisco ACS 1120 4.2.1.13 running redhat, we had an outage this weekend and when I came back she said

  kernel panic. Any ideas? Seems to be a linux issue not a cisco one.

  

  Seems to be a problem with OS corruption, you may need to reimage the box with the CD recovery and restore of the database.

  Jatin kone
  -Does the rate of useful messages-

• Office proxy firewall monitor secure connections (https) and send their own certificate instead of the certificate of the Web site

  Firefox works fine on my home network or while I connect to the internet directly via data card. However, @ my office use us proxy and for almost all sites (even google search) Firefox stops saying "this connection is untrusted".

  Attached are the screenshot for the same thing to help him to help me.

  I search a lot and was closest to you that I came to this url https://support.mozilla.org/en-US/questions/978722

  Is there a way to Firefox to add office proxy certificate in the certificate chain (don't know if that will help?)

  How to solve this? Kindly advice.

  I think most of the proxies work similarly: they generate a false certificate to the site and have your browser so that they can decrypt and inspect the traffic between you and the site. It is a hassle to have to make exceptions for individual certificates of false - it is more effective to recognize the certificate that the proxy uses to sign false certificates as valid a certificate authority.

  The trick is to identify this certificate. It might be easier to go to IE or Chrome, since both use the Windows certificate store (Firefox uses its own). By inspecting the certificate for a secure site and the certificate used to sign, you may be able to identify and to export this certificate (DER format or .cer).

  In Firefox, you who would incorporate in the section of the authorities in the Certificates dialog box:

  "3-bar" menu button (or tools) > Options > advanced > mini-onglet Certificates > "View certificates" button > mini-onglet References > "Import..." button »

  Of course, it is probably safer to check with your COMPUTER that you've found and exported the correct certificate before you import it into Firefox.

• I get a 'Secure connection' error failed with google stating "certificate contains the same serial number.

  When I click on a link to a google search, I get the "Secure connection" error failed in Firefox. He says, "please contact the administrator of the server or email correspondent and give them the following information: your certificate contains the same serial number for another certificate issued by the certification authority."

  I followed the instructions here:
  https://support.Mozilla.org/en-us/KB/certificate%20contains%20The%20Same%20serial%20number%20As%20another%20certificate
  and looked at this article:
  https://support.Mozilla.org/en-us/questions/1028103?ESAB=a & As = AAQ

  I uninstalled and reinstalled Firefox, deleted the entire folder profiles and reset Firefox. I see that the older (orphans) article points to my router. However, I have a new router and have updated their software. There is no button to add an exception (as stated in the article), so I can't just work around it. This problem does not occur with IE, so I have a hard time to believe that it is my router.

  How to solve this problem? I really want to change browser.

  Finally, I tracked the issue. The answer was found here:
  https://support.Mozilla.org/en-us/questions/1028985

  It turns out that Avast has a web shield that passes through its own verification of certificate https. Of course, this feature is not quite right and loses track of the certificates. Disable "https scanning" in the settings of Avast resolved the problem.

• Problem with certificate and the exception is not available

  So, here is my problem I am trying to connect to a secure server. When I do this, I get to a page telling me the browser appears not that the server is secure and that the certificate is old.

  When I click on the button "Add an exception" a small window opens saying the certificate is new safe and I can't add an exception.

  The exeption box is grey so I can't click in and the button 'Add exception' is olso gray so I can't click on it. I click on the button "Cancel" and return to the page telling me the server is not sure.

  How can I go about solving this problem?

  Check the date and time of the clock on your computer: (double) click on the clock icon in the Windows taskbar.

  Find out why the site is not approved, then click on "Technical Details to expand this section.
  If the certificate is not reliable because no issuer channel was provided (sec_error_unknown_issuer) and then see if you can install the intermediate certificate from another source.

  You can retrieve the certificate and check details such as WHO issued the certificates and the expiration dates of certificates.

  • Click on the link at the bottom of the error page: "I understand the risks".

  Let Firefox recover the certificate: "Add Exception"-> "get certificate".

  • Click on the "view..." button. "and inspect the certificate and the Coachman, who is the issuer of the certificate.

  You can see more details like the intermediate certificates that are used in the details pane.

  If "I understand the risks" is missing, this page can be opened in a (i) frame and in this case, try the shortcut menu and use "Frame this: Open image in New Tab".

  Note that some firewall monitors connections (sure) and that programs like Sendori or FiddlerRoot can intercept connections and send their own certificate instead of the certificate of the Web site.

• I want to remove server certificates in the store of certificates permeantly

  I have notices that there are multiple certificates on the SERVER tab. I think that these are the exceptions. I want to delete them, but they reappear at each start of firefox.

  Examples:
  DigiNotar
  Entrusted.NET
  GTE Corp.
  USERTRUST NETWORK
  etc.

  I want to remove the exceptions. Why are they install Firefox and why when removing them after they are back after each launch?

  Those are exceptions of permanent block, and should not be deleted. You can see that if you click on the button to edit, so just leave them.

• In preferences - advanced - encryption - view certificates - authorities, the Option 'Delete or distrust' seems to be inoperative (recently hacked).

  I tried the above steps to remove certain certificates looking for suspects after unusual online experiences using WiFi without success. I "removed" a number of different certificates and then selected "ok" only to see them all reappears again and again. Since then has been an event recent hacking, I have also adopted a number of other steps involving our WiFi, computer and e-mail in addition provider the Firefox browser. Any thoughts?

  You cannot delete root of build-in certificates.
  
  You can only remove the bits of the trust to prevent Firefox to use the certificate as the root certificate and that's what Firefox in this case.
  
  You can check that by clicking on the button change.

• Laptop HP 15-f162dx: THEIR is NO OPTION of DVD FOR DVD RECOVERY DISC CREATION IN the HP RECOVERY MANAGER'S

  I HAVE HP 15-f162dx NOTEBOOK PC in WHICH I AM creating RECOVERY DVD DISCS IN "HP RECOVERY MANAGER", BUT in THE "HP - CREATE RECOVERY MEDIA" IS NO OPTION TO CREATE a DVD. EARLY CLAIM.

  CONCERNING

  Ok.

  I don't see that as a real issue or problem.  The ability to create a recovery media is part of the purchase, and you do not have the ability to create a recovery media.

  Why don't you use the option of USB flash drive?

  The USB stick recovery is higher on the recovery DVD disc in a number of ways.

  (1) a usb flash drive are not damaged by just scratching the surface, unlike the DVD in a set of recovery disks. A scratch on the side of disc label #1 and the whole is unusable.

  (2) a recovery, when from a usb flash drive takes less than an hour, so that once made with one set of recovery disks can take up to four hours.

  (3) not all DVD media can be used to create a reliable recovery DVD media.

  (4) DVD media can be easily destroyed by heat, if you live in a region of the world where the temperature is normally high.

  (5) usb recovery media creation takes less than an hour, compared to the time it would take to make a recovery of the DVD disc.

• Creation of my own CA, self-signed certificates and the use of these

  I'm stupid. Three years ago, I created my own CA and my own wildcard certificate for my OS X Server (always 10.8.5 with Server 2.2.5). I install my public Root CA on clients who make use of my server. At these must not often updated and the work is complex, so I created a CA Vault take care of a few scripts and configuration of openssl. What I forgot is document how to get these used by Server.app. That's why I'm stupid, because I struggle to reproduce what I did and discovered three years ago.

  I use two scripts. (MYNAME, mydomain and tld are generic strings, of course in reality I use my own name and mydomain.tld)

  The first is for the creation of a root certification authority:

  #!/bin/bash
  
  # Only edit these:
  mycaname="MYNAME Certificate Authority"
  myrootname=mydomaincaroot
  
  # Run in current dir:
  mydir=`pwd`
  
  mkdir RootCert >/dev/null 2>&1
  
  if [ ! -e "$mydir"/RootCert/"$myrootname".key -o \
       -e "$mydir"/RootCert/"$myrootname".crt ]
  then
      openssl req -config "$mydir"/openssl.cnf \
    -new -x509 \
    -keyout "$mydir"/RootCert/"$myrootname".key \
    -out "$mydir"/RootCert/"$myrootname".crt \
    -days 3650
      openssl pkcs12 -export -clcerts \
    -inkey "$mydir"/RootCert/"$myrootname".key \
    -in "$mydir"/RootCert/"$myrootname".crt \
    -out "$mydir"/RootCert/"$myrootname".p12 \
    -name "$mycaname"
  
      echo "Now import ""$mydir""/RootCert/""$myrootname"".p12 in KeyChain"
      echo "For this, unlock the System KeyChain first, then import"
      echo "NOTE: this imports your private key in the System Keychain"
      echo "So it can be used for signing activities."
      echo "This is less safe then keeping your private key on media that"
      echo "cannot be accessed from the system, like a safely stored USB stick"
  else
      echo "Your root CA crt and key already exist! I will not overwrite this"
      echo "as this could overwrite a still used private key and lose you access"
      echo "to signed certificates, e.g. for revoking them"
  fi
  

  I think I know what to do (but Advisor is always welcome). I have to add the certificate of generic identity for the Keychain system, after which I can use in.app.

  Now I encounter another problem: when I enter the certificate in the system Keychain, it ends up in/etc/certificates without a. fichier.pem. See: OS X 10.8.5 Server 2.2.5/Keychain Access certificates issue for more details.

  Help is always welcome.

• Satellite A210 - 1 4 - using Recovery DVD after replacing the hard drive

  My laptops hard drive failed last year and had to be replaced. Vista was installed by the repairman.
  However, now I want to restore the system failing.

  Will be my Toshiba Recovery Disc I received with my Word still PC although the hard drive is different? How will I know?

  Hello

  You can use the Toshiba Recovery disk, even if the HARD drive has been replaced.
  Usually it s no matter you use a new HARD drive...
  The recovery disk would be to format the drive HARD integer and must install the Toshiba image correctly.

  Welcome them

• Creating means of recovery is impossible on the Satellite L650-116

  I have a Toshiba l650-116

  I get this message:
  Creating means of recovery ther is impossible!
  File recovery HARD drive on the second disc of the first hard drive not found. There is no recovery environment of valid hard drive on this computer

  I have already dealt the media long ago recovery disks, but now when I press f8 to start - go to repair computer - when I choose recovery to factory settings that it says that I can't

  Hello

  > Creating means of recovery Ther is impossible!

  It seems that the folder with the files was not found, and so this is the reason why the recovery disk cannot be created.
  I think that there is not much to do but if you have the disc in the past, then you can use it once more to restore the operating system.
  Otherwise, you will need to order the CD:
  http://backupmedia.Toshiba.EU/landing.aspx