
802.1x EAP-TLS for wired users with ACS 5.5

vijay kumar
Level 2

 

Hi All,

 

We are configuring a new setup for wired user authentication with 802.1x (EAP-TLS). We are using ACS 5.5 as the authentication server.

We have added the root CA (internal) certificate and the certificate for ACS signed by the CA. Now we want to check whether the authentication is working or not. I hope we also need to install both the root CA and identity certificates on the laptops. But I am not sure how to download the certificates for a client machine manually from the CA.

 

Kindly suggest how to get certificates for clients, both manually and automatically.

 

Thanks,

Vijay

1 Accepted Solution


minkumar
Level 1

Hi Vijay,

 

For wired 802.1x (EAP-TLS) you need to have the following certificates:

 

On ACS: Root CA, Intermediate CA, Server Certificate

On Client: Root CA, Intermediate CA, User certificate (in case of user authentication) OR Machine certificate (in case of machine authentication)

 

I am not sure which third-party certificate you are using. If it's an in-house Microsoft or any other certificate server, then you need to download the client certificate from the server itself.

In the case of Microsoft, there will be a template for the user certificate. You can select it and create a user certificate.

 

This one is an old document, but it has steps to configure a machine certificate for the user. You can see the steps to download a user certificate if it's a Microsoft server:

http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-server-windows/43722-acs-eap.html#wc-2

 

In case you are using a third-party certificate server, then you need to check with them on how to download the user certificate.

 

 

 

Cheers

Minakshi(rate the helpful post)
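One way to confirm that a Windows laptop holds the client-side certificates listed in the answer above, as an added example that is not part of the original post. The function name `Get-EapTlsClientCert` is hypothetical; it assumes a Windows client with PowerShell and reads only the local certificate stores.

```powershell
function Get-EapTlsClientCert {
    param(
        # LocalMachine = machine authentication, CurrentUser = user authentication
        [ValidateSet('LocalMachine', 'CurrentUser')]
        [string]$Scope = 'LocalMachine'
    )

    $clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
    $now = Get-Date

    # An identity certificate usable for EAP-TLS needs a private key, a current
    # validity period and the Client Authentication EKU. Certificates with no
    # EKU extension at all are excluded by this filter.
    $candidates = Get-ChildItem -Path "Cert:\$Scope\My" | Where-Object {
        $_.HasPrivateKey -and
        $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
        ($_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid)
    }

    if (-not $candidates) {
        Write-Warning "No usable client-authentication certificate in Cert:\$Scope\My"
        return
    }

    foreach ($cert in $candidates) {
        # Build the chain against the same context (machine or user) as the store.
        $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain `
            -ArgumentList ($Scope -eq 'LocalMachine')
        # Revocation is not checked here, so the result reflects only which
        # root and intermediate CA certificates are installed locally.
        $chain.ChainPolicy.RevocationMode =
            [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $trusted = $chain.Build($cert)

        [pscustomobject]@{
            Subject      = $cert.Subject
            Thumbprint   = $cert.Thumbprint
            NotAfter     = $cert.NotAfter
            ChainTrusted = $trusted   # $false if the root or an intermediate CA is missing
            ChainPath    = ($chain.ChainElements | ForEach-Object { $_.Certificate.Subject }) -join ' <- '
            ChainErrors  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        }
    }
}

Get-EapTlsClientCert -Scope LocalMachine | Format-List
```

A `ChainTrusted` value of `False` with `PartialChain` or `UntrustedRoot` in `ChainErrors` means the intermediate or root CA certificate is not installed on the client.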

 

 

 

 

 


3 Replies


 

 

 

 

 

Thanks Minakshi for the reply. We have Microsoft AD. We used auto-enrollment of certificates to domain machines. Now dot1x EAP-TLS is working fine.

 

 

Welcome Vijay

 

Cheers!!! (Do rate the helpful post)

Minakshi