Cisco Support Community
New Member

ACS 5.2 EAP-TLS with external certificates.

Hi,

I have created several server and client certificates for my EAP-TLS infrastructure.

With OpenSSL I have successfully installed the CA in the ACS:

Users and Identity Stores >  ... >  Certificate Authorities >  Edit: "Ejemplo de Certificado de Servidor CA

Issued To:  Ejemplo de Certificado de Servidor
Issued By:  Ejemplo de Certificado de Servidor
Valid From:  21:21 04.11.2010 
Valid To (Expiration):  21:21 03.01.2011 
Serial Number:  8b8c79bb7a815d59

Also in the Wireless Client the same CA and the client certificate:

Now I must install the server certificate in the ACS, but with the different tests I always obtain the same error:

"unable to parse certificate"

Without the server certificate in the ACS I always obtain the same error:

EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client  certificates chain

Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.2.0.26

server.crt
server.csr
server.key
server.p12
server.pem

Best Regards

4 REPLIES

Re: ACS 5.2 EAP-TLS with external certificates.

Did you try to generate CSR from ACS 5.2 itself and then use this CSR to get server certificate from CA server?

Cisco Employee

Re: ACS 5.2 EAP-TLS with external certificates.

Hi,

The ACS certificate must respect the ACS requirements.

Supported certificate formats include DER, PEM, or Microsoft private key proprietary format.

Please take a look at the config example https://supportforums.cisco.com/docs/DOC-13545 where it shows how to install a 3rd party cert into the ACS to be used for EAP-TLS.

You can also find other information at:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/admin_config.html#wp1052640.

HTH,

Tiago

--

If this helps you and/or answers your question please mark the question as "answered" and/or rate it, so other users can easily find it.
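
A structural check for the five file types listed in the question, given that the reply above names DER and PEM as supported certificate formats. This is an added example, not code from the thread or from Cisco: the sample contents are constructed skeletons, and the classification is a heuristic on the outer ASN.1 layout, not the parser ACS uses.

```python
import base64
import re

PEM_RE = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----(.+?)-----END \1-----", re.S)

def _tlv(buf, pos=0):  # returns (tag, content_start, content_end) of one DER element
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def der_kind(der):
    """Heuristic guess from the outer ASN.1 layout; nothing is validated."""
    try:
        tag, start, end = _tlv(der)
        if tag != 0x30 or end != len(der):
            return "unknown"
        inner, istart, _ = _tlv(der, start)
        if inner == 0x02:  # SEQUENCE { INTEGER version, ... }
            return "private key or PKCS#12"
        first = der[istart] if inner == 0x30 else None  # first field of inner SEQUENCE
        return {0xA0: "certificate", 0x02: "CSR or v1 certificate"}.get(first, "unknown")
    except IndexError:
        return "unknown"

def classify(data):  # returns (encoding, content); non-PEM input is treated as DER
    m = PEM_RE.search(data)
    if not m:
        return "DER", der_kind(data)
    label = m.group(1).decode()
    if label != "CERTIFICATE":
        return "PEM", label.lower()
    try:  # check the body really has certificate structure, not just the label
        return "PEM", der_kind(base64.b64decode(m.group(2)))
    except ValueError:
        return "PEM", "unknown"

def pem(label, der):  # helper used only to build the samples below
    return b"-----BEGIN %b-----\n%b-----END %b-----\n" % (label, base64.encodebytes(der), label)

# Constructed ASN.1 skeletons (structure only), not the files attached to the question.
SAMPLES = {
    "server.crt": bytes.fromhex("300a3008a003020102020101"),
    "server.pem": pem(b"CERTIFICATE", bytes.fromhex("300a3008a003020102020101")),
    "server.csr": pem(b"CERTIFICATE REQUEST", bytes.fromhex("30053003020100")),
    "server.key": pem(b"PRIVATE KEY", bytes.fromhex("3003020100")),
    "server.p12": bytes.fromhex("3003020103"),
}
```

Only inputs that classify as `certificate` are X.509 certificates in PEM or DER; a request, key, or PKCS#12 container is a different object even when its file extension suggests otherwise.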

New Member

ACS 5.2 EAP-TLS with external certificates.

Hi,

Were you able to find a solution for this issue?

New Member

I had the issue with 5.5

I had the same issue with 5.5 and am still having the issue after upgrading ACS to 5.6.
