11-05-2010 05:08 AM - edited 03-10-2019 05:33 PM
Hi,
I have created several server and client certificates of my EAP-TLS infrastructure.
With OpenSSL I have successfully installed the CA in the ACS:
Users and Identity Stores > ... > Certificate Authorities > Edit: "Ejemplo de Certificado de Servidor CA
Issued To: Ejemplo de Certificado de Servidor
Issued By: Ejemplo de Certificado de Servidor
Valid From: 21:21 04.11.2010
Valid To (Expiration): 21:21 03.01.2011
Serial Number: 8b8c79bb7a815d59
Also in the Wireless Client the same CA and the client certificate:
Now I must install the server certificate in the ACS, but with the different tests I always obtain the same error:
"unable to parse certificate"
Without the server certificate in the ACS I always obtain the same error:
EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain
Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.2.0.26
server.crt
server.csr
server.key
server.p12
server.pem
Best Regards
11-05-2010 09:32 AM
Did you try to generate CSR from ACS 5.2 itself and then use this CSR to get server certificate from CA server?
11-08-2010 03:41 AM
Hi,
The ACS certificate must respect the ACS requirements.
Supported certificate formats include, DER, PEM, or Microsoft private key proprietary format.
Please take a look at the config example https://supportforums.cisco.com/docs/DOC-13545 where it shows how to install a 3rd party cert into the ACS to be used for EAP-TLS.
You can also find other information at:
HTH,
Tiago
--
If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
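Since the reply above names DER and PEM as supported formats, one way to check what a file actually contains before importing it is sketched below. This is an added example, not part of the original posts and not Cisco code; it inspects only the PEM armor and the outer ASN.1 length, not the X.509 fields, and the function names and sample bytes are constructed for illustration.

```python
import base64
import re

# PEM armor: -----BEGIN <label>----- base64 body -----END <label>-----
PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def der_is_well_formed(der: bytes) -> bool:
    """True if der is exactly one ASN.1 SEQUENCE whose declared length fits the data."""
    if len(der) < 2 or der[0] != 0x30:           # 0x30 = SEQUENCE tag
        return False
    first = der[1]
    if first < 0x80:                             # short-form length
        header, length = 2, first
    else:                                        # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return header + length == len(der)

def classify(data: bytes) -> str:
    """Report the container format of data without interpreting X.509 fields."""
    m = PEM_RE.search(data)
    if m:
        label = m.group(1).decode()
        try:
            der = base64.b64decode(b"".join(m.group(2).split()), validate=True)
        except ValueError:
            return f"PEM {label}: body is not plain base64"
        if not der_is_well_formed(der):
            return f"PEM {label}: DER body truncated or malformed"
        if label == "CERTIFICATE":
            return "PEM certificate"
        return f"PEM {label} (not a certificate)"
    if der_is_well_formed(data):
        return "binary DER (type not labelled; certificate, key or other ASN.1)"
    return "unrecognized"

def pem(label: str, der: bytes) -> bytes:
    """Wrap DER bytes in PEM armor (used here to build constructed samples)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n".encode()

# Constructed sample: a 5-byte SEQUENCE { INTEGER 5 }, not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020105")

if __name__ == "__main__":
    for label in ("CERTIFICATE", "CERTIFICATE REQUEST", "RSA PRIVATE KEY"):
        print(label, "->", classify(pem(label, SAMPLE_DER)))
```

To use it on real files, pass the bytes read with `open(path, "rb").read()` to `classify`.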
03-03-2014 12:48 AM
Hi,
Were you able to find a solution for this issue?
04-13-2015 09:04 AM
I had the same issue with 5.5 and still having the issue after upgrading ACS to 5.6.