ACS/EAP-TLS/Internal DB issue

Jan 30th, 2008


I want to authenticate dial-up users against the ACS internal DB using certificates which are stored on smart cards, using the EAP-TLS method.

I use a Microsoft Standalone CA to enroll certificates and configure ACS.

But I cannot authenticate clients. The ACS logs say that the SSL handshake has failed, and I don't know what to do to solve this problem.


We have been able to do the above scenario when the CA is an enterprise CA and we have a domain controller of which the ACS PC and the client are members, but when we remove Active Directory from the network and reconfigure ACS and the certificate authority, client authentication fails.


Can anyone help me with this problem?


Thanks

didyap Tue, 02/05/2008 - 07:04

EAP-TLS uses mutual authentication in which both the ACS (authentication, authorization, and accounting [AAA]) server and the clients have certificates and prove their identities to each other. Check whether the ACS is properly configured to obtain certificates from storage. The following link may help you:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0ea.shtml
