Cisco Support Community
802.1x EAP-TLS for wired users with ACS 5.5

 

Hi All,

 

We are configuring a new setup for wired user authentication with 802.1x (EAP-TLS). We are using ACS 5.5 as the authentication server.

We have added the root CA (internal) certificate and a certificate for ACS signed by the CA. Now we want to check whether the authentication is working or not. I hope we also need to install both the root CA and identity certificates on the laptops. But I am not sure how to download the certificates for a client machine manually from the CA.

 

Kindly suggest how to get certificates for clients, both manually and automatically.

 

Thanks,

Vijay

1 ACCEPTED SOLUTION

Hi Vijay,

 

For wired 802.1x (EAP-TLS) you need to have the following certificates:

On ACS: Root CA, Intermediate CA, Server Certificate

On Client: Root CA, Intermediate CA, User certificate (in case of user authentication) OR Machine certificate (in case of machine authentication)

 

I am not sure which third-party certificate you are using. If it's an in-house Microsoft or any other certificate server, then you need to download the client certificate from the server itself.

In the case of Microsoft, there will be a template for the user certificate. You can select it and create a user certificate.

 

This one is an old document, but it has steps to configure a machine certificate for the user. You can see the steps to download a user certificate if it's a Microsoft server:

http://www.cisco.com/c/en/us/support/docs/security/secure-access-control-server-windows/43722-acs-eap.html#wc-2

 

In case you are using a third-party certificate server, then you need to check with them on how to download the user certificate.

 

 

 

Cheers

Minakshi(rate the helpful post)
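
As an added example (not part of the original thread and not Cisco or Microsoft code): a throwaway OpenSSL lab PKI that shows why the verifying side needs both the Root CA and the Intermediate CA, and that a certificate presented by the client must carry the clientAuth EKU. The CA and host names, file names and the helper functions `issue`, `build_lab_pki` and `check_client_cert` are all constructed for this example.

```shell
#!/usr/bin/env bash
# Added example: throwaway lab PKI; all names and files are constructed.
set -eu

issue() {  # issue NAME CN EXTFILE [ISSUER]; without ISSUER the cert is self-signed
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
  if [ -n "${4:-}" ]; then
    openssl x509 -req -in "$1.csr" -CA "$4.pem" -CAkey "$4.key" -CAcreateserial \
      -extfile "$3" -days 30 -out "$1.pem" 2>/dev/null
  else
    openssl x509 -req -in "$1.csr" -signkey "$1.key" \
      -extfile "$3" -days 30 -out "$1.pem" 2>/dev/null
  fi
}

build_lab_pki() {  # $1 = empty directory to fill with root, int, client, server
  (
    cd "$1"
    printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > ca.ext
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=clientAuth\n' > client.ext
    printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\n' > server.ext
    issue root   "Lab Root CA"    ca.ext
    issue int    "Lab Issuing CA" ca.ext     root
    issue client "lab-laptop-01"  client.ext int
    issue server "lab-acs"        server.ext int
  )
}

# Validate a certificate for TLS client use against a trust list, which the
# authentication server must be able to do for EAP-TLS.
# $1 = trusted root, $2 = intermediate CA file ("" if not installed), $3 = cert
check_client_cert() {
  if [ -n "$2" ]; then
    openssl verify -purpose sslclient -CAfile "$1" -untrusted "$2" "$3" 2>&1 | grep -q ': OK$'
  else
    openssl verify -purpose sslclient -CAfile "$1" "$3" 2>&1 | grep -q ': OK$'
  fi
}

lab=$(mktemp -d)
build_lab_pki "$lab"
check_client_cert "$lab/root.pem" "$lab/int.pem" "$lab/client.pem" \
  && echo "client cert: chain and clientAuth EKU OK"
check_client_cert "$lab/root.pem" "" "$lab/client.pem" \
  || echo "intermediate missing: chain cannot be built"
check_client_cert "$lab/root.pem" "$lab/int.pem" "$lab/server.pem" \
  || echo "serverAuth-only cert: rejected for client authentication"
```

The same `check_client_cert` call can be pointed at PEM exports of real certificates before they are installed, to confirm the chain and EKU.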

 

 

 

 

 

3 REPLIES
Thanks Minakshi for the reply. We have Microsoft AD. We used auto-enrollment of certificates to domain machines. Now dot1x EAP-TLS is working fine.

 

 

Welcome Vijay

 

 Cheers!!!(Do rate the helpful post)

Minakshi
