×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

The certificate in the Trust List not found ACS 4.2

Unanswered Question
Jul 21st, 2013
User Badges:

Hi guys


I have a problem, after installing the certificate in the ACS (and restart the ACS) the new certificate in the Trust List does not appear.


Any idea?


TIA

Cristian

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Jatin Katyal Mon, 07/22/2013 - 03:39
User Badges:
  • Cisco Employee,

Hi Cristian,


I'd like to know where exactly you installed the certificate under system configuration > ACS certificate setup.


Only certificate installed under System Configuration > ACS Certificate Setup > ACS Certification Authority Setup will appear in Certificate Trust List.



You may visit the below listed link for more detail.


http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/configuration/guide/peap_tls.html#wp999606



~BR
Jatin Katyal

**Do rate helpful posts**

Jatin Katyal Tue, 07/23/2013 - 10:53
User Badges:
  • Cisco Employee,

Did you get a chance to check where exactly you installed the cert?

Let us know if you need any further assistance.



~BR
Jatin Katyal

**Do rate helpful posts**

cristian.munoz Tue, 07/23/2013 - 15:41
User Badges:

Hi Jatin


Thanks for your answer, but I don´t know how to do this, because this is a ACS Appliance.

I'm looking for information to do this.


TIA


Cristian.

Jatin Katyal Tue, 07/23/2013 - 16:23
User Badges:
  • Cisco Employee,

I don't think you need to perform any steps. My question was where exactly the certificate was installed.


Only certificate installed under System Configuration > ACS Certificate Setup > ACS Certification Authority Setup will appear in Certificate Trust List.


If you've installed the certificate under system configuration > ACS certificate setup > Install certificate then that would not come up in the certificate Trust list.


~BR
Jatin Katyal

**Do rate helpful posts**

cristian.munoz Wed, 07/24/2013 - 18:12
User Badges:

Dear Jatin


I followed your recomendation and now failed because the CA certificate is not installed.


Pls see the pictures.





TIA

Cristian

Jatin Katyal Wed, 07/24/2013 - 18:36
User Badges:
  • Cisco Employee,

I guess your original query got resolved and now you can see the root CA certificate in the trust list and now you're unable to initiate the peap as an EAP method and getting an error message:


Failed to initialize PEAP or EAP-TLS authentication protocol because CA certificate is  not installed. Well, this occurs for 2 reasons:


1.] The CA certificate is not installed properly. Did you restart the services under system configuration > services control?

2.] The intermediate or subordinate certificate was not installed and that is why you're unable to check Peap as an eap method.



~BR
Jatin Katyal

**Do rate helpful posts**

cristian.munoz Mon, 07/29/2013 - 12:13
User Badges:

Dear Jatin


I have a question, How many new certificates must appear in the Trust List?

TIA

Cristian

Jatin Katyal Mon, 07/29/2013 - 12:19
User Badges:
  • Cisco Employee,

It will show you all intermediate and root CA certificates. Even if you change your CA and install a different chain, it will show that as well unless you manually delete them.



~BR
Jatin Katyal

**Do rate helpful posts**

cristian.munoz Mon, 07/29/2013 - 13:37
User Badges:

Dear Jatin


Thanks again.

In this PEAP or EAP-TLS authentication process, what is the flow of traffic between the ACS and the CA or AD?

I need to discard FW issues.


TIA

Cristian

Actions

This Discussion