New Member

ACS 4.0 EAP-TLS Cert not working

Hey,

So I generated my certificate signing request, took it to my CA, got a cert. From "ACS Certification Authority Setup" I installed it onto my ACS appliance, then from "Install ACS Certificate" installed it (it prepopulated the privkey and password so I assume it got that from the cert file). I then add the CA from the "Edit Certificate Trust List". All this goes off without a hitch.

However, when I try to add the "Certificate Revocation List" I am unable to add both LDAP:\\\ and http://. I have confirmed that the http:// is working on the CA, and every indication is that the LDAP is working too, but I don't know of the tools to test that with.

When I go into "System Configuration"->"Global Authentication Setup"->"Allow EAP-TLS" I get the following error.

Failed to initialize PEAP or EAP-TLS authentication protocol because CA certificate is not installed. Install the CA certificate using "ACS Certification Authority Setup" page.

What exactly is not installed about the certificate? It's on the ACS server, it's configured and the date range is correct.

I've been banging my head against this all day and could use some suggestions. :)

Accepted Solutions
New Member

Re: ACS 4.0 EAP-TLS Cert not working

Hello,

For EAP-TLS to work you have to use an external CA setup such as Microsoft or Rapid SSL, etc., and self-generated certificates in ACS support PEAP but not EAP-TLS.

HTH

Ahmed

7 REPLIES
New Member

Re: ACS 4.0 EAP-TLS Cert not working

Yes, I am using Microsoft's CA, which is why when I explained my issue I said that I took it to my CA to create the cert.

Re: ACS 4.0 EAP-TLS Cert not working

Then it is not a root CA. You seem to be generating the cert from an intermediate CA.

Regards,

~JG

Do rate helpful posts

New Member

Re: ACS 4.0 EAP-TLS Cert not working

I looked into it; this is the root CA for our organization, it contains all the certificates we are using in our organization. I'm at a loss.

Is there anything I can look at, debugs, logs etc. to see an actual error message?

Re: ACS 4.0 EAP-TLS Cert not working

Please check if your CA is a root CA or an intermediate CA.

New Member

Re: ACS 4.0 EAP-TLS Cert not working

OK, I now understand it a little better. I needed to install 2 certificates, the first being the Root CA's certificate in the "ACS Certification Authority Setup" section (I mistakenly thought this was simply where I download my generated cert for the next spot).

The second cert is the one I generated using "Generate Certificate Signing Request"; I then took that to my Root CA, generated a cert and installed that along with the private key under "Install ACS Certificate".

Thanks for pointing me in the right direction, since the error I was getting wasn't helpful to me.
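
The distinction this thread turns on, a root CA certificate versus a certificate issued by a CA, can be checked offline with OpenSSL before either file is uploaded to ACS. The script below is an added example, not part of the original thread or of any Cisco tooling; the helper functions, file names and subjects are hypothetical, and the sample PKI is constructed on the spot.

```shell
#!/usr/bin/env bash
# Constructed sample PKI: a throwaway root CA plus a server cert it signs.
# Names, subjects and file names are hypothetical, not taken from the thread.
make_sample_pki() {
  local d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
    -subj "/CN=Constructed Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes \
    -subj "/CN=acs.example.test" \
    -keyout "$d/acs.key" -out "$d/acs.csr" 2>/dev/null
  openssl x509 -req -in "$d/acs.csr" -days 1 \
    -CA "$d/root.pem" -CAkey "$d/root.key" -CAcreateserial \
    -out "$d/acs.pem" 2>/dev/null
}

# Print "root" when the cert is self-issued and self-signed, else "issued".
# "issued" covers both intermediate CA certs and server certs.
cert_role() {
  local subj iss
  subj=$(openssl x509 -in "$1" -noout -subject_hash) || return 2
  iss=$(openssl x509 -in "$1" -noout -issuer_hash) || return 2
  if [ "$subj" = "$iss" ] &&
     openssl verify -CAfile "$1" "$1" >/dev/null 2>&1; then
    echo root
  else
    echo issued
  fi
}

# Succeed only if the server cert ($2) verifies against the CA cert ($1).
chains_to() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo run on the constructed certificates.
demo=$(mktemp -d)
make_sample_pki "$demo"
echo "root.pem: $(cert_role "$demo/root.pem")"
echo "acs.pem:  $(cert_role "$demo/acs.pem")"
chains_to "$demo/root.pem" "$demo/acs.pem" && echo "acs.pem chains to root.pem"
rm -rf "$demo"
```

A file that reports `issued` is either an intermediate CA certificate or the server certificate itself, so it is not the one that belongs in the CA setup step.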
