
ACS Cert

kirbus_inc
Level 1

Hello,

I am having a hard time getting my cert to work right on the ACS for PEAP. I have ACS 4.2 SE. I have a 3rd party .pem certificate.

I have loaded it into the install ACS cert as the cert file and private key. I have also loaded it into the authority setup, but after the reboot, when I try to enable PEAP and EAP-TLS, I get this error: "Failed to initialize PEAP or EAP-TLS authentication protocol because ACS certificate is not installed." I am not real knowledgeable about certificates, so I am sure it is something simple I am doing wrong. Please help! Thanks in advance.

4 Replies

Jatin Katyal
Cisco Employee
This happens when we are missing some kind of certificate on the ACS. As you stated, you have installed the certificates and you are still getting this error.

Most of the time I came across this error message when we don't have the CA or intermediate certificate installed in the ACS certificate store.

Make sure that you have checked the certificate under the certificate trust list. Also, restart the ACS services and then try.

Regds,
JK

Do rate helpful posts

~Jatin

I think I have gotten that part to work now because it lets me enable EAP. However, on my wireless client it gives an error of "Could not authenticate". In the log it says authentication failed during SSL handshake.

Well, this error message says that there is a certificate missing in the chain. Please check and make sure that you have the full cert chain installed on the ACS.

BTW, what EAP type are you using?

Also, do we have the validate server certificate option checked on the client side? If it is, please uncheck that option and try again.


Rgds,

JK


Do rate helpful posts

~Jatin
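
The two checks the replies above point at, written as an added example that is not part of the original thread: does the private key belong to the certificate, and does the chain reach the root once the intermediate is present. It uses the `openssl` CLI on a constructed demo PKI; every subject, file name and function name here is made up, and ACS itself is not involved.

```bash
#!/usr/bin/env bash
# Added example: every subject, file name and directory below is constructed.

# Build a throwaway PKI in directory $1: root CA -> intermediate CA -> server cert.
make_demo_pki() {
  local d=$1
  printf '%s\n' '[req]' 'distinguished_name = dn' '[dn]' \
    '[v3_ca]' 'basicConstraints = critical,CA:TRUE' \
    '[v3_srv]' 'basicConstraints = CA:FALSE' > "$d/pki.cnf"
  req()  { openssl req -config "$d/pki.cnf" -newkey rsa:2048 -nodes "$@" >/dev/null 2>&1; }
  sign() { openssl x509 -req -days 2 -CAcreateserial -extfile "$d/pki.cnf" "$@" >/dev/null 2>&1; }
  req -x509 -days 2 -extensions v3_ca -subj "/CN=Demo Root CA" \
      -keyout "$d/root.key" -out "$d/root.pem" &&
  req -subj "/CN=Demo Intermediate CA" -keyout "$d/int.key" -out "$d/int.csr" &&
  sign -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
       -extensions v3_ca -out "$d/int.pem" &&
  req -subj "/CN=acs.example.test" -keyout "$d/srv.key" -out "$d/srv.csr" &&
  sign -in "$d/srv.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
       -extensions v3_srv -out "$d/srv.pem"
}

# True if leaf $2 chains to root $1, optionally helped by intermediate bundle $3.
# The output is parsed because old openssl builds exit 0 even when verification fails.
chain_ok() {
  openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>&1 | grep -q ': OK$'
}

# True if private key $2 carries the same public key as certificate $1.
key_matches_cert() {
  [ "$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)" = \
    "$(openssl pkey -in "$2" -pubout 2>/dev/null)" ]
}

# Demo: the same server certificate, checked without and with the intermediate.
demo_dir=$(mktemp -d) && make_demo_pki "$demo_dir" || exit 1
for inter in "" "$demo_dir/int.pem"; do
  if chain_ok "$demo_dir/root.pem" "$demo_dir/srv.pem" "$inter"
  then echo "intermediate='${inter##*/}': chain OK"
  else echo "intermediate='${inter##*/}': chain INCOMPLETE"
  fi
done
key_matches_cert "$demo_dir/srv.pem" "$demo_dir/srv.key" && echo "key matches certificate"
rm -rf "$demo_dir"
```

Pointing `chain_ok` and `key_matches_cert` at the real third-party .pem files shows, before any ACS restart, whether an intermediate or the matching private key is missing.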

Here is what I have selected under Global Authentication Setup

PEAP

     Allow Posture Validation

PEAP session timeout (minutes) 120

Enable Fast Reconnect

EAP-TLS

     Allow EAP-TLS

     Certificate CN Comparison

Use Outer Identity

LEAP: Allow LEAP (for Aironet only)

EAP-MD5 (Allow EAP-MD5)

MS-CHAP config

Allow MS-CHAPv1 authentication

Allow MS-CHAPv2 authentication

On the client under wireless properties

Network Authentication is Open

Data Encryption is WEP

Checked: The key is provided for me automatically

On the authentication tab I have enabled IEEE 802.1x authentication network access for this network

I have had EAP type as smart card or certificate and have had validate server cert checked and unchecked

I have also selected Protected EAP (PEAP) instead of smart card or certificate and get an SSL handshake error in the ACS logs
