ACS 4.2 Appliance Server 1113 with VeriSign Cert

Aug 19th, 2009

Hi NetPro,


I've loaded the VeriSign cert but somehow I'm still hitting the major problem.


Scenario 1:


Company A recommends CN = [email protected]


VeriSign recommends CN = test-radius-01.google.com


But while in the UAT stage, the cert with "CN = test-radius-01.google.com" is working on the Laptop, not at the production level.


Has anyone encountered this before?


Thanks a lot.


Jack


Robert.N.Barrett_2 Thu, 08/20/2009 - 07:01

UAT = User Acceptance Testing?


Not sure what you mean by "working on the Laptop", but if the issue is certificate related, then it's a matter of trust. Since you don't mention user certs, then I'm guessing you're talking about PEAP authentication. If PEAP auth works on a laptop, and doesn't work on some other machines, then the other machines don't trust the ACS certificate. The entire chain of the certificate must be trusted by the computer trying to connect. Therefore, it must trust the root (the main CA), the intermediate (if there is one), and the actual cert for the machine. If one of the production computers is running a flavor of Windows, do a Start -> Run -> certmgr.msc, and make sure the root CA is in the "Trusted" folders, and make sure the issuing CA is in the "Intermediate" folder. That should do it.


If you want to really check if it's a cert issue, just disable the server certificate check on the wireless client (but I don't recommend leaving it that way).


Also - did you install the CA cert on the ACS server?
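
The manual certmgr.msc check described in the reply above, scripted in PowerShell as an added example (not part of the original thread). The file name `acs-server.cer` is an assumption, and matching issuers by subject name is a simplification of how Windows builds a chain.

```powershell
# Added example: checks, from the local certificate stores only, whether every
# issuer of an exported RADIUS server certificate is present on this machine.
param(
    # Hypothetical file name: the ACS server certificate exported as .cer
    [string]$CertPath = '.\acs-server.cer'
)

$caStores   = 'Cert:\CurrentUser\CA',   'Cert:\LocalMachine\CA'    # "Intermediate" folder
$rootStores = 'Cert:\CurrentUser\Root', 'Cert:\LocalMachine\Root'  # "Trusted Root" folder

function Find-BySubject {
    param([string]$Subject, [string[]]$Stores)
    # Simplification: match on subject name only; Windows chain building
    # also checks key identifiers and the signature itself.
    Get-ChildItem -Path $Stores |
        Where-Object { $_.Subject -eq $Subject -and $_.NotAfter -gt (Get-Date) } |
        Select-Object -First 1
}

$fullPath = (Resolve-Path -Path $CertPath).Path
$current  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $fullPath

for ($depth = 0; $depth -lt 10; $depth++) {
    Write-Output ("[{0}] subject: {1}" -f $depth, $current.Subject)
    Write-Output ("    issuer : {0}" -f $current.Issuer)

    # A trusted root that matches the issuer name ends the walk successfully.
    $root = Find-BySubject -Subject $current.Issuer -Stores $rootStores
    if ($root) {
        Write-Output ("    OK: issuer is a trusted root ({0})" -f $root.Thumbprint)
        Write-Output 'RESULT: chain ends in a trusted root on this machine.'
        return
    }
    # Otherwise the issuer must be a (non self-signed) intermediate CA.
    $intermediate = Find-BySubject -Subject $current.Issuer -Stores $caStores
    if (-not $intermediate -or $intermediate.Subject -eq $intermediate.Issuer) {
        Write-Output '    MISSING: issuer not found in Root or Intermediate stores.'
        Write-Output 'RESULT: chain is broken; import the missing CA certificate.'
        return
    }
    Write-Output ("    OK: issuer found in Intermediate store ({0})" -f $intermediate.Thumbprint)
    $current = $intermediate
}
Write-Output 'RESULT: gave up after 10 levels without reaching a trusted root.'
```

Running it on the laptop that works and on a failing production machine shows at which level the two differ.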

ney25 Fri, 08/21/2009 - 02:51

Hi,


Thanks for your information, yes UAT stands for User Acceptance Test.


I've installed the CA cert on the ACS Server.


Thanks a lot.

Robert.N.Barrett_2 Fri, 08/21/2009 - 07:03

Thanks for the points - did installing the CA cert on the ACS server solve the problem?
