Cisco Support Community
New Member

ACS 5 EAP-TLS

How do we add a trust authority on ACS 5? We also get an error when the client authenticates by EAP-TLS.

12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain

This sounds like the Trust Authority on the client is not matching the one on the ACS server, is that right?

Thanks,

2 REPLIES
New Member

Re: ACS 5 EAP-TLS

Hi,

Seems to be that, or also you have not installed the CA in the ACS.

CA Certificate
   |________ Server Certificate
   |________ Client certificate

Ensure that the certificate authority that signed the client's certificate is correctly installed in the Certificate Authorities page (Users and Identity Stores: Certificate Authorities). Check the OpenSSLErrorMessage and OpenSSLErrorStack for more information. If CRL is configured, check the System Diagnostics for possible CRL downloading faults.

Regards

Cisco Employee

Re: ACS 5 EAP-TLS

You are correct, the ACS doesn't have the CA for the client certificate being presented. This can be added under Users and Identity Stores -> Certificate Authorities. If it is a multi-tiered CA you can add each certificate in the chain here.

--Jesse
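
The multi-tiered case from the replies above, reproduced offline with the OpenSSL command line as an added example (it is not from the thread and does not touch ACS): a constructed root CA, issuing CA and client certificate are checked against a trust list holding only the root, then the whole chain. All names and files are made up, `openssl verify` stands in for the server-side check, and the client is assumed to present only its leaf certificate.

```shell
#!/usr/bin/env bash
# Constructed lab PKI (every name and file here is made up for the example):
#   Lab Root CA -> Lab Issuing CA -> lab-client
build_lab_pki() {   # $1 = working directory
  d=$1
  cat > "$d/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_client]
basicConstraints = CA:FALSE
extendedKeyUsage = clientAuth
EOF
  # Self-signed root CA.
  openssl req -x509 -config "$d/lab.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
    -days 30 -subj "/CN=Lab Root CA" -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  # Issuing (intermediate) CA, signed by the root.
  openssl req -new -config "$d/lab.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Lab Issuing CA" -keyout "$d/int.key" -out "$d/int.csr" 2>/dev/null
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" -set_serial 2 \
    -days 30 -extfile "$d/lab.cnf" -extensions v3_ca -out "$d/int.pem" 2>/dev/null
  # Client certificate, signed by the issuing CA.
  openssl req -new -config "$d/lab.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=lab-client" -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
  openssl x509 -req -in "$d/client.csr" -CA "$d/int.pem" -CAkey "$d/int.key" -set_serial 3 \
    -days 30 -extfile "$d/lab.cnf" -extensions v3_client -out "$d/client.pem" 2>/dev/null
}

# chain_trusted BUNDLE CERT: succeeds only if CERT chains to a CA in BUNDLE.
# Matching on ": OK" avoids relying on the exit status of older openssl builds.
chain_trusted() {
  openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

demo() {
  w=$(mktemp -d) && build_lab_pki "$w" || return 1
  cat "$w/root.pem" "$w/int.pem" > "$w/root+int.pem"
  for bundle in root.pem root+int.pem; do
    if chain_trusted "$w/$bundle" "$w/client.pem"; then echo "trust list $bundle: client chain OK"
    else echo "trust list $bundle: client chain rejected (issuer not found)"; fi
  done
  rm -rf "$w"
}
demo
```

Running `openssl verify` without the output filter against the root-only list prints the underlying OpenSSL error text, the same kind of detail the reply points to in OpenSSLErrorMessage.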
