PEAP authentication problem

Unanswered Question
Jul 23rd, 2007

I am trying to use PEAP on my APs in the Enterprise. It works fine when used as WPA2. But when I use dot1x it gives me the error 'auidentified server identity'. I am using ACS 3.3 and a self-signed cert. on the ACS. I have installed the same cert. on one wireless client, but it gives me the error all the time. The error in the ACS failed attempt is 'EAP-TLS or PEAP authentication failed during SSL handshake'.


Please help.



http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0ea.shtml

"

If the ACS's certificate on the wireless client is invalid (which depends on the certificate's valid "from" and "to" dates, the client's date and time settings, and CA trust), then the client will reject it and authentication will fail. The ACS will log the failed authentication in the web interface under Reports and Activity > Failed Attempts > Failed Attempts XXX.csv with the Authentication Failure-Code similar to "EAP-TLS or PEAP authentication failed during SSL handshake." The expected error message in the CSAuth.log file is similar to the following.

AUTH 06/04/2003 14:56:41 E 0345 1644 EAP: buildEAPRequestMsg: other side probably didn't accept our certificate

If the client's certificate on the ACS is invalid (which depends on the certificate's valid "from" and "to" dates, the server's date and time settings, and CA trust), then the server will reject it and authentication will fail. The ACS will log the failed authentication in the web interface under Reports and Activity > Failed Attempts > Failed Attempts XXX.csv with the Authentication Failure-Code similar to "EAP-TLS or PEAP authentication failed during SSL handshake." If the ACS rejects the client's certificate because the ACS does not trust the CA, the expected error message in the CSAuth.log file is similar to the following.

AUTH 06/04/2003 15:47:43 E 0345 1696 EAP: ProcessResponse: SSL handshake failed, status = 3 (SSL alert fatal:unknown CA certificate)

"
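
The two CSAuth.log messages quoted above tell you which side rejected which certificate, so a small triage script can sort handshake failures before anyone touches the certificate stores. This is an added example, not part of the thread or of the Cisco document; the entry layout is inferred only from the two quoted samples, the names parse_entries and triage are hypothetical, and the sample log text is constructed.

```python
import re

# Message fragments from the two CSAuth.log samples quoted above, mapped to
# (which side rejected which certificate, what the quoted text says to check).
SIGNATURES = {
    "other side probably didn't accept our certificate": (
        "client rejected ACS certificate",
        "ACS cert valid from/to dates, client date and time, client CA trust"),
    "unknown CA certificate": (
        "ACS rejected client certificate",
        "ACS does not trust the CA that issued the client certificate"),
}

# Assumed layout (inferred from the samples): facility, date, time, level,
# two numeric fields treated as opaque here, then the message text.
ENTRY = re.compile(
    r"^(?P<facility>[A-Z]+) (?P<date>\d{2}/\d{2}/\d{4}) "
    r"(?P<time>\d{2}:\d{2}:\d{2}) (?P<level>[A-Z]) \d+ \d+ (?P<msg>.*)$")

def parse_entries(text):
    """Yield one dict per entry, folding wrapped continuation lines into msg."""
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY.match(line)
        if match:
            if current:
                yield current
            current = match.groupdict()
        elif current:  # a wrapped message line belongs to the previous entry
            current["msg"] += " " + line
    if current:
        yield current

def triage(text):
    """Return (date, time, verdict, what_to_check) for each known failure."""
    return [(e["date"], e["time"], verdict, check)
            for e in parse_entries(text)
            for needle, (verdict, check) in SIGNATURES.items()
            if needle in e["msg"]]

# Constructed sample: the two quoted entries (one wrapped) plus an unrelated one.
SAMPLE = """AUTH 06/04/2003 14:56:41 E 0345 1644 EAP: buildEAPRequestMsg:

other side probably didn't accept our certificate
AUTH 06/04/2003 15:47:43 E 0345 1696 EAP: ProcessResponse: SSL handshake failed, status = 3 (SSL alert fatal:unknown CA certificate)
AUTH 06/04/2003 15:50:02 I 0345 1696 EAP: constructed unrelated entry
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(" | ".join(finding))
```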

j.tandel Mon, 07/23/2007 - 20:04

I do not have a CA in my Enterprise. I am using the ACS self-signed certificate. I am also adding this certificate to the ACS Cert. Storage and trusting the cert.

I am installing the same cert. in the client.

Do I have to use a different cert. for the client, or can I use the same cert. for the ACS server as well as the wireless clients?
