08-05-2014 10:51 AM - edited 03-10-2019 09:55 PM
Hi All,
We are configuring a new setup for wired user authentication with 802.1x (EAP-TLS). We are using ACS 5.5 as the authentication server.
We have added the root CA (internal) certificate and the certificate for ACS signed by the CA. Now we want to check whether the authentication is working or not. I hope we also need to install both the root CA certificate and the identity certificate on the laptops. But I am not sure how to download the certificates for the client machine manually from the CA.
Kindly suggest how to get certificates for clients, both manually and automatically.
Thanks,
Vijay
08-05-2014 09:05 PM
Hi Vijay,
For wired 802.1x (EAP-TLS) you need to have the following certificates:
On ACS: Root CA, Intermediate CA, Server certificate
On Client: Root CA, Intermediate CA, User certificate (in case of user authentication) OR Machine certificate (in case of machine authentication)
I am not sure which third-party certificate you are using. If it's an in-house Microsoft or any other certificate server, then you need to download the client certificate from the server itself.
In the case of Microsoft, there will be a template for the user certificate. You can select it and create a user certificate.
This one is an old document, but it has steps to configure a machine certificate for the user. You can see the steps to download a user certificate if it's a Microsoft server:
http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-server-windows/43722-acs-eap.html#wc-2
In case you are using a third-party certificate server, then you need to check with them on how to download the user certificate.
Cheers
Minakshi(rate the helpful post)
08-06-2014 10:13 AM
Thanks Minakshi for the reply. We have Microsoft AD. We used auto-enrollment of certificates to domain machines. Now dot1x EAP-TLS is working fine.
08-07-2014 08:58 PM
Welcome Vijay
Cheers!!!(Do rate the helpful post)
Minakshi
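A way to check the client-side certificate requirements listed in the accepted answer on a Windows machine, for example after auto-enrollment. This is an added example, not part of the original thread or Cisco documentation. It assumes machine authentication (certificate in the LocalMachine store) and skips revocation checking so it can run without reaching the CA.

```powershell
# Added example: verify that this Windows client holds a certificate usable for
# EAP-TLS and that it chains to a trusted root CA.
# Assumption: machine authentication, so the identity certificate lives in
# LocalMachine\My. For user authentication use 'Cert:\CurrentUser\My'.
$store         = 'Cert:\LocalMachine\My'
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$now           = Get-Date

# Candidate certificates: private key present, currently valid, and explicitly
# marked for Client Authentication. Certificates with no EKU extension at all
# are not listed by this filter.
$candidates = @(Get-ChildItem -Path $store | Where-Object {
    $_.HasPrivateKey -and
    $_.NotBefore -le $now -and $_.NotAfter -gt $now -and
    ($_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid)
})

if ($candidates.Count -eq 0) {
    Write-Warning "No valid Client Authentication certificate with a private key in $store"
}

foreach ($cert in $candidates) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Revocation is not checked here, so this only proves the Root CA and
    # Intermediate CA certificates are installed and trusted on the client.
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $trusted = $chain.Build($cert)

    # The last chain element is the root the client resolved for this certificate.
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    [pscustomobject]@{
        Subject      = $cert.Subject
        Issuer       = $cert.Issuer
        NotAfter     = $cert.NotAfter
        Thumbprint   = $cert.Thumbprint
        ChainLength  = $chain.ChainElements.Count
        RootSubject  = $root.Subject
        ChainTrusted = $trusted
        ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}
```

A row with `ChainTrusted` set to `False` and a `ChainStatus` such as `PartialChain` or `UntrustedRoot` indicates that the Intermediate CA or Root CA certificate is missing from the client's stores.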