ACS 5 EAP-TLS

Aug 11th, 2010

How do we add a trust authority on ACS 5? We also get an error when the client authenticates by EAP-TLS:

12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain

This sounds like the trust authority on the client does not match the one on the ACS server, is that right?


Thanks,

jorge.novo Fri, 11/05/2010 - 06:25

Hi,


Seems to be that, or also you have not installed the CA in the ACS:

CA Certificate
    |________ Server Certificate
    |______________ Client certificate

Ensure that the certificate authority that signed the client's certificate is correctly installed in the Certificate Authorities page (Users and Identity Stores: Certificate Authorities). Check the OpenSSLErrorMessage and OpenSSLErrorStack for more information. If CRL is configured, check the System Diagnostics for possible CRL downloading faults.


Regards

jedubois (Cisco Employee) Fri, 11/05/2010 - 10:41

You are correct, the ACS doesn't have the CA for the client certificate being presented. This can be added under Users and Identity Stores -> Certificate Authorities. If it is a multi-tiered CA you can add each certificate in the chain here.

--Jesse
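A way to reproduce the condition offline, as an added example that is not part of the thread and does not touch ACS: the script below uses the openssl CLI to build a two-tier CA (root and issuing intermediate) plus a client certificate, then runs `openssl verify` twice. With only the root trusted, chain building stops at the unknown issuing CA, which is the situation behind the 12514 failure when an intermediate was never imported. With root and issuing CA both trusted, the equivalent of adding each certificate of the chain under Certificate Authorities, verification succeeds. All names, keys and certificates are constructed on the fly for this example; the only assumption is that the openssl command line tool is installed.

```shell
#!/bin/sh
# Added example (not from the thread): reproduce "unknown CA in the client
# certificate chain" offline with the openssl CLI and show that trusting the
# whole issuing chain clears it. Everything here (names, keys, certificates)
# is constructed on the fly for the example. Requires the openssl CLI.
set -eu

WORK="${WORK:-$(mktemp -d)}"

# Build root CA -> issuing (intermediate) CA -> client certificate, the same
# shape as the chain drawn in the reply above.
build_chain() {
    cat > "$WORK/ext.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no

[ dn ]
CN = placeholder

[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash

[ v3_client ]
basicConstraints = critical, CA:FALSE
keyUsage = critical, digitalSignature
extendedKeyUsage = clientAuth
subjectKeyIdentifier = hash
EOF

    # Self-signed root CA.
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -config "$WORK/ext.cnf" -extensions v3_ca \
        -subj "/CN=Example Root CA" \
        -keyout "$WORK/root.key" -out "$WORK/root.pem" 2>/dev/null

    # Issuing CA, signed by the root.
    openssl req -new -newkey rsa:2048 -nodes \
        -config "$WORK/ext.cnf" -subj "/CN=Example Issuing CA" \
        -keyout "$WORK/inter.key" -out "$WORK/inter.csr" 2>/dev/null
    openssl x509 -req -days 365 -in "$WORK/inter.csr" \
        -CA "$WORK/root.pem" -CAkey "$WORK/root.key" -CAcreateserial \
        -extfile "$WORK/ext.cnf" -extensions v3_ca \
        -out "$WORK/inter.pem" 2>/dev/null

    # Client (supplicant) certificate, signed by the issuing CA.
    openssl req -new -newkey rsa:2048 -nodes \
        -config "$WORK/ext.cnf" -subj "/CN=user1" \
        -keyout "$WORK/client.key" -out "$WORK/client.csr" 2>/dev/null
    openssl x509 -req -days 365 -in "$WORK/client.csr" \
        -CA "$WORK/inter.pem" -CAkey "$WORK/inter.key" -CAcreateserial \
        -extfile "$WORK/ext.cnf" -extensions v3_client \
        -out "$WORK/client.pem" 2>/dev/null
}

# Trust store holding only the root: the issuing CA is unknown, so the chain
# from the client certificate cannot be completed. This is the situation
# behind the 12514 failure when an intermediate was never imported.
verify_root_only() {
    openssl verify -CAfile "$WORK/root.pem" "$WORK/client.pem"
}

# Trust store holding root and issuing CA, i.e. every certificate of the
# chain imported, as the answer recommends for a multi-tiered CA.
verify_full_chain() {
    cat "$WORK/root.pem" "$WORK/inter.pem" > "$WORK/trusted.pem"
    openssl verify -CAfile "$WORK/trusted.pem" "$WORK/client.pem"
}

build_chain
if verify_root_only 2>/dev/null; then
    echo "root only: verified (unexpected)"
else
    echo "root only: verification failed, issuing CA unknown"
fi
verify_full_chain >/dev/null && echo "root + issuing CA: verification OK"
```

The same check can be run against a real failing supplicant: export the client certificate and the CA certificates currently imported into ACS, concatenate the CA certificates into one file, and `openssl verify -CAfile` against the client certificate will name the missing issuer rather than just reporting an unknown CA.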
