ACS 5.2 EAP-TLS with external certificates.

jorge.novo
Level 1

Hi,

I have created several server and client certificates for my EAP-TLS infrastructure.

With OpenSSL I have successfully installed the CA in the ACS:

Users and Identity Stores >  ... >  Certificate Authorities >  Edit: "Ejemplo de Certificado de Servidor CA

Issued To:  Ejemplo de Certificado de Servidor
Issued By:  Ejemplo de Certificado de Servidor
Valid From:  21:21 04.11.2010 
Valid To (Expiration):  21:21 03.01.2011 
Serial Number:  8b8c79bb7a815d59

Also in the Wireless Client the same CA and the client certificate:

Now I must install the server certificate in the ACS, but with the different tests I always obtain the same error:

"unable to parse certificate"

Without the server certificate in the ACS I always obtain the same error:

EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client  certificates chain

Cisco ACS VERSION INFORMATION
-----------------------------
Version : 5.2.0.26

server.crt
server.csr
server.key
server.p12
server.pem

Best Regards


Yudong Wu
Level 7

Did you try to generate CSR from ACS 5.2 itself and then use this CSR to get server certificate from CA server?

Tiago Antunes
Cisco Employee

Hi,

The ACS certificate must respect the ACS requirements.

Supported certificate formats include DER, PEM, or Microsoft private key proprietary format.

Please take a look at the config example https://supportforums.cisco.com/docs/DOC-13545 where it shows how to install a 3rd party cert into the ACS to be used for EAP-TLS.

You can also find other information at:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/user/guide/admin_config.html#wp1052640.

HTH,

Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.
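Because the reply above names DER and PEM as supported formats, a useful pre-import check is to confirm what each file actually contains instead of trusting its extension. The following is an added example, not part of the original thread and not Cisco tooling: a heuristic that reads only the leading ASN.1 tags, run here on constructed stub bytes (the file names are reused from the post purely as labels).

```python
import base64
import re

PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 #]+)-----(.*?)-----END \1-----", re.S)

def _content_offset(der, pos):
    """Offset of the content of the DER element whose tag byte is at pos."""
    length_octet = der[pos + 1]
    return pos + 2 if length_octet < 0x80 else pos + 2 + (length_octet & 0x7F)

def sniff_der(der):
    """Heuristic: name the structure from its leading ASN.1 tags (no full parse)."""
    try:
        if der[0] != 0x30:                       # all formats here start with SEQUENCE
            return "not DER"
        inner = _content_offset(der, 0)
        if der[inner] == 0x02:                   # INTEGER first: a version number
            version = der[_content_offset(der, inner)]
            return "PKCS#12 bundle" if version == 3 else "private key"
        if der[inner] == 0x30:                   # nested SEQUENCE: cert or CSR body
            first = der[_content_offset(der, inner)]
            if first == 0xA0:                    # [0] explicit version: X.509 v2/v3
                return "X.509 certificate"
            if first == 0x02:
                return "CSR or X.509 v1 certificate"
        return "other DER"
    except IndexError:
        return "truncated"

def classify(data):
    """Return (encoding, PEM label or None, guessed structure) for raw file bytes."""
    match = PEM_BLOCK.search(data)
    if match:
        try:
            body = base64.b64decode(match.group(2), validate=False)
        except ValueError:
            return ("PEM", match.group(1).decode(), "bad base64")
        return ("PEM", match.group(1).decode(), sniff_der(body))
    return ("DER", None, sniff_der(data)) if data[:1] == b"\x30" else ("unknown", None, "not PEM or DER")

# Constructed stubs: only the leading bytes of each structure, not real credentials.
CERT_STUB = bytes.fromhex("300a3008a003020102020101")
PFX_STUB = bytes.fromhex("3003020103")
KEY_STUB = bytes.fromhex("3003020100")
CERT_PEM = b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(CERT_STUB) + b"\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    for name, blob in [("server.crt", CERT_PEM), ("server.p12", PFX_STUB), ("server.key", KEY_STUB)]:
        print(name, classify(blob))
```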

Hi,

Were you able to find a solution for this issue?

ted.schwind
Level 1

I had the same issue with 5.5 and am still having the issue after upgrading ACS to 5.6.
