ACS 4.0 EAP-TLS Cert not working

thanmad
Level 1

Hey,

So I generated my certificate signing request, took it to my CA, got a cert. From "ACS Certification Authority Setup" I installed it onto my ACS appliance, then from "Install ACS Certificate" installed it (it prepopulated the privkey and password so I assume it got that from the cert file). I then added the CA from the "Edit Certificate Trust List". All this goes off without a hitch.

However, when I try to add the "Certificate Revocation List" I am unable to add both LDAP:\\\ and http://. I have confirmed that the http:// is working on the CA, and every indication is that the LDAP is working too, but I don't know of the tools to test that with.

When I go into "System Configuration"->"Global Authentication Setup"->"Allow EAP-TLS" I get the following error.

Failed to initialize PEAP or EAP-TLS authentication protocol because CA certificate is not installed. Install the CA certificate using "ACS Certification Authority Setup" page.

What exactly is not installed about the Certificate? It's on the ACS server, it's configured and the date range is correct.

I've been banging my head against this all day and could use some suggestions. :)

Accepted Solutions

sahmedshahcsd
Level 1

Hello,

For EAP-TLS to work you have to use an external CA setup such as Microsoft or Rapid SSL etc., and self-generated certificates in ACS support PEAP but not EAP-TLS.

HTH

Ahmed

7 Replies

Yes, I am using Microsoft's CA, which is why when I explained my issue I said that I took it to my CA to create the cert.

Then it is not a root CA. You seem to be generating the cert from an Intermediate CA.

Regards,

~JG

Do rate helpful posts

I looked into it, this is the root CA for our organization, it contains all the certificates we are using in our organization. I'm at a loss.

Is there anything I can look at, debugs, logs etc. to see an actual error message?

Yes, I am using Microsoft's CA, which is why when I explained my issue I said that I took it to my CA to create the cert.

Please check if your CA is a ROOT CA or Intermediate CA.

Ok, I now understand it a little better. I needed to install 2 certificates. The first being the Root CA's certificate in the "ACS Certification Authority Setup" section (I mistakenly thought this was simply where I download my generated cert for the next spot).

The second cert is the one I generated using "Generate Certificate Signing Request"; I then took that to my Root CA, generated a cert and installed that along with the private key under "Install ACS Certificate".

Thanks for pointing me in the right direction since the error I was getting wasn't helpful to me.
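
The root-versus-intermediate check the replies ask for, and the CA-cert/server-cert mix-up resolved in the last post, can be tested on exported PEM files with the OpenSSL CLI before anything is uploaded to ACS. This is an added example, not part of the original thread; the throwaway PKI, file names and subject names in it are constructed.

```shell
#!/usr/bin/env bash
# Added example: all file names and subjects are constructed for the demo.

# Print "root", "intermediate" or "leaf" for a PEM certificate.
classify_cert() {
  local s i
  s=$(openssl x509 -in "$1" -noout -subject); s=${s#subject=}
  i=$(openssl x509 -in "$1" -noout -issuer);  i=${i#issuer=}
  if ! openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'; then
    echo leaf            # no CA basic constraint: a server/client cert
  elif [ "$s" = "$i" ]; then
    echo root            # CA cert whose issuer is itself
  else
    echo intermediate    # CA cert issued by another CA
  fi
}

# chains_to ANCHOR CERT [INTERMEDIATES]: succeed if CERT verifies to ANCHOR.
chains_to() {
  openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" >/dev/null 2>&1
}

# Build a throwaway root -> issuing CA -> server PKI in directory $1.
make_demo_pki() {
  local d=$1 n
  printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  for n in root int acs; do
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 1 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null
  openssl x509 -req -in "$d/acs.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -CAcreateserial -days 1 -out "$d/acs.pem" 2>/dev/null
}

demo=$(mktemp -d) && make_demo_pki "$demo"
for c in root int acs; do echo "$c.pem: $(classify_cert "$demo/$c.pem")"; done
chains_to "$demo/root.pem" "$demo/acs.pem" ||
  echo "acs.pem does not verify against root.pem alone"
chains_to "$demo/root.pem" "$demo/acs.pem" "$demo/int.pem" &&
  echo "acs.pem verifies once int.pem is supplied"
```

A file that classifies as `leaf` is the server certificate, not the CA certificate the EAP-TLS error message is asking for.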