ACS Cert

Jun 15th, 2010

Hello,


I am having a hard time getting my cert to work right on the ACS for PEAP. I have ACS 4.2 SE. I have a 3rd-party .pem certificate.

I have loaded it into the install ACS cert as the cert file and private key. I have also loaded it into the authority setup, but after the reboot, when I try to enable PEAP and EAP-TLS, I get this error: "Failed to initialize PEAP or EAP-TLS authentication protocol because ACS certificate is not installed." I am not very knowledgeable about certificates, so I am sure it is something simple I am doing wrong. Please help! Thanks in advance.

Jatin Katyal (Cisco Employee) Tue, 06/15/2010 - 18:40
This happens when we are missing some kind of certificate on the ACS. You stated that you have installed the certificates and you are still getting this error.

Most of the time, I have come across this error message when we don't have the CA or intermediate certificate installed on the ACS certificate store.

Make sure that you have checked the certificate under the certificate trust list. Also, restart the ACS services and then try.

Regds,
JK

Do rate helpful posts

kirbus_inc Wed, 06/16/2010 - 08:51

I think I have gotten that part to work now because it lets me enable EAP. However, on my wireless client it gives an error of "Could not authenticate". In the log it says authentication failed during SSL handshake.

Jatin Katyal (Cisco Employee) Wed, 06/16/2010 - 09:06

Well, this error message says that there is a certificate missing in the chain. Please check and make sure that you have the full cert chain installed on the ACS.

BTW, what EAP type are you using?

Also, do we have the validate server certificate option checked on the client side? If it is, please uncheck that option and try again.


Rgds,
JK

Do rate helpful posts
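
A quick check for the "certificate missing in the chain" condition described in the reply above, added here as an example that is not part of the original thread and is not Cisco code: it reads a PEM bundle, notes whether a private key block is present, and follows issuer names from the first certificate towards a self-signed root. It assumes the leaf is the first certificate in the file and compares names only (no signature or expiry checks); the sample certificates, host name and function names are constructed.

```python
import base64, re
PEM = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.+?)-----END \1-----", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(der):
    """Return (subject, issuer) of one X.509 certificate as raw DER Name bytes."""
    pos = tlv(der, tlv(der, 0)[1])[1]  # step into Certificate, then tbsCertificate
    tag, _, end = tlv(der, pos)
    pos = end if tag == 0xA0 else pos  # skip the optional [0] version field
    fields = []
    for _ in range(5):                 # serial, sigAlg, issuer, validity, subject
        end = tlv(der, pos)[2]
        fields.append(der[pos:end])
        pos = end
    return fields[4], fields[2]

def inspect_bundle(text):
    """Report whether a PEM bundle holds a key and chains from leaf to a root."""
    blocks = [(label, base64.b64decode(body)) for label, body in PEM.findall(text)]
    certs = [names(der) for label, der in blocks if label == "CERTIFICATE"]
    if not certs:
        raise ValueError("no CERTIFICATE block in bundle")
    parents = dict(certs)                   # subject -> issuer
    depth, (subject, issuer) = 1, certs[0]  # assumption: first certificate is the leaf
    while subject != issuer and issuer in parents and depth < len(certs):
        subject, issuer, depth = issuer, parents[issuer], depth + 1
    return {"private_key": any(l.endswith("PRIVATE KEY") for l, _ in blocks),
            "certificates": len(certs), "chain_depth": depth, "reaches_root": subject == issuer}

# Constructed sample data: unsigned certificate skeletons (no public key, no real signature).
def enc(tag, *parts):
    return bytes([tag, sum(map(len, parts))]) + b"".join(parts)  # short-form length only
def pem(label, data):
    return f"-----BEGIN {label}-----\n{base64.encodebytes(data).decode()}-----END {label}-----\n"
def cert(subject, issuer):
    name = lambda cn: enc(0x30, enc(0x31, enc(0x30, b"\x06\x03\x55\x04\x03", enc(0x0C, cn.encode()))))
    tbs = enc(0x30, b"\xa0\x03\x02\x01\x02\x02\x01\x01", enc(0x30), name(issuer), enc(0x30), name(subject))
    return pem("CERTIFICATE", enc(0x30, tbs, enc(0x30), b"\x03\x01\x00"))

LEAF = cert("acs.example.test", "Constructed Intermediate CA")
INTERMEDIATE = cert("Constructed Intermediate CA", "Constructed Root CA")
ROOT = cert("Constructed Root CA", "Constructed Root CA")
KEY = pem("PRIVATE KEY", b"constructed placeholder, not a key")
```
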

kirbus_inc Wed, 06/16/2010 - 09:30

Here is what I have selected under Global Authentication Setup:

PEAP
     Allow Posture Validation
PEAP session timeout (minutes): 120
Enable Fast Reconnect

EAP-TLS
     Allow EAP-TLS
     Certificate CN Comparison
Use Outer Identity

LEAP: Allow LEAP (for Aironet only)
EAP-MD5 (Allow EAP-MD5)

MS-CHAP config
Allow MS-CHAPv1 authentication
Allow MS-CHAPv2 authentication

On the client, under wireless properties:

Network Authentication is Open
Data Encryption is WEP
Checked: The key is provided for me automatically

On the Authentication tab I have enabled IEEE 802.1x authentication network access for this network.

I have had the EAP type as smart card or certificate and have had validate server cert checked and unchecked.

I have also selected Protected EAP (PEAP) instead of smart card or certificate and get an SSL handshake error in the ACS logs.
