I'm currently experiencing problems with the installation of the ACS-certificate on the client. I'm using an external CA-certificate that is correctly installed on the ACS-server (see other topic).
Now the clients also needs the ACS-certificate to be added so that a EAP-tunnel can be established between the client (Trust Agent) and the ACS-server.
Notice that the CA Root-certificate is added on the client under "Trusted Root Certificates" so that shouldn't be the problem.
When I'm using the supplied tool "ctacert.exe" like this:
ctacert.exe /add "C:\cert.cer" /store "root"
...I always get the following error:
"Cisco Systems Trust Agent Certificate has encountered a problem and needs to close. We are sorry for the inconvenience."
The next step I tried is to install the certificate manually (by double-clicking it and choosing the option "Install certificate"). I've chosen to install it in "Trusted Root Certification Authorities/Local Computer" (the so called physical store). This was successful. However, the certificate, for some reason, isn't placed in "Trusted Root Certification Authorities", but in the "Other People" store.
When I'm starting up the client-computer I get prompted for the username several times, and sometimes I receive the following pop-up prompt:
"You have no certificate in your personal store to be used as credentials for authentication with network Cisco Trust Agent 802.1x ..."
There aren't any ACLs and stuff on the testrouters so that can't be the problem.
Any help is greatly appreciated.