When I install a certificate from the Windows CA-server, following the procedure from "Wired Dot1x version 1.05 Config guide" (Document ID 64068) and the "ACS SE User Guide", I have the following problem. If I want to change the "Global Authentication Settings", I get the warning "Failed to initialize PEAP or EAP-TLS authentication protocol because CA certificate is not installed. Install the CA certificate using ACS Certification Authority Setup page."
But if I check in "install a certificate", it says that the certificate is correctly installed and it is also added with the "Authority Setup" page.
I Already found the following in the AS 4.1.4 release notes: "disable the security agent, reinstall the certificate following the procedure and then re-enable the security agent".
I did this but I still get the same error, although the Security agent is turned off (I checked it in the console with the "show" command and the CSA is turned off).
Can anyone help me how to make it recognize the installed certificate?
P.S. I also see 2 devices in the AAA-server list:
-ACS01 (the name I gave it in the initial configuration). This one has an IP-address from the DHCP-server, although I specified NOT to use a DHCP but a static IP!
-Self: this one does have the static IP that I configured via the console ...
I Cannot delete one of these AAA-servers. Is this normal that there are 2 servers?
Yes, it is normal to see two server in case of acs appliance. You need to make sure, that in
acs-->network configuration---> Proxy dis table ---> "forward to "box should have deleverence1 only and your server name should be in the left box.
Please rate helfpful posts
It seems that the CA certificate that you installed is either corrupted or not properly installed . What i would like you to do is to delete the CA certicate using the MMC on windows in ACS and then reinstall it.
You, also, need to install the CA root certificate in ACS. You can install the CA root certificate in System Configuration->ACS Certificate Setup->ACS Certificate Authority Setup.
Also incase you are using Verisign cert then you need to install VeriSign Intermediate CA Certificates.