I have configured an ACS Server 4.1 with a certificate from an internal Novell CA. Authentication to the ACS Server works fine and the Group Mappings also work without trouble.
The customer now wants to use EAP-TLS in the WLAN configuration. Authentication with username and password works fine. If I activate "validate server certificate" in the WLAN configuration settings of Windows XP, then I don't have access to the network. I get an error message on the client, and in the ACS log I see an error with the EAP-TLS SSL handshake!?!
Are there any problems with Novell CA and Novell certificates?
The limitations in the ACS implementation of EAP-TLS are:
- Server and CA certificate file format: If you install the ACS server and CA certificates from files, rather than from certificate storage, server and CA certificate files must be in Base64-encoded X.509 format or DER-encoded binary X.509 format.
- LDAP attribute for binary comparison: If you configure ACS to perform binary comparison of user certificates, the user certificate must be stored in the Active Directory or an LDAP server by using a binary format. Also, the attribute storing the certificate must be named usercertificate.
- Windows server type: If you want to use Active Directory to authenticate users with EAP-TLS when ACS runs on a member server, additional configuration is required.
Apart from that, make sure that you have installed Novell CA Root certificate from,
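The file-format limitation quoted in the reply above can be checked before a certificate file is installed. This is an added example, not code from the thread or from Cisco: it is a structural check only (no signature or chain validation), and the function names and the sample bytes are constructed for illustration.

```python
import base64
import binascii
import re

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)
# Constructed skeleton (not a real certificate): SEQUENCE { SEQUENCE, SEQUENCE, BIT STRING }
SKELETON_DER = bytes.fromhex("300730003000030100")
SAMPLE_PEM = (b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SKELETON_DER)
              + b"\n-----END CERTIFICATE-----\n")

def _der_tlv(buf, pos):
    """Parse one DER tag/length header at pos; return (tag, value_end)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    length = first
    if first >= 0x80:                       # long-form length
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("bad length field")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of file")
    return tag, pos + length

def looks_like_x509_der(buf):
    """True if buf is exactly one SEQUENCE holding tbsCertificate (SEQUENCE),
    signatureAlgorithm (SEQUENCE) and signatureValue (BIT STRING)."""
    try:
        tag, end = _der_tlv(buf, 0)
        if tag != 0x30 or end != len(buf):  # wrong outer type or trailing bytes
            return False
        pos = end - (len(buf) - 2 if buf[1] < 0x80 else len(buf) - 2 - (buf[1] & 0x7F))
        tags = []
        while pos < end:
            child_tag, pos = _der_tlv(buf, pos)
            tags.append(child_tag)
        return tags == [0x30, 0x30, 0x03]
    except ValueError:
        return False

def classify_cert_file(data):
    """Return 'base64-x509', 'der-x509' or 'invalid' for raw file contents."""
    m = PEM_RE.search(data)
    if not m:
        return "der-x509" if looks_like_x509_der(data) else "invalid"
    try:
        der = base64.b64decode(re.sub(rb"\s+", b"", m.group(1)), validate=True)
    except binascii.Error:
        return "invalid"
    return "base64-x509" if looks_like_x509_der(der) else "invalid"
```

Other containers, such as a PKCS#7 bundle, come back as 'invalid' because their structure does not match a single X.509 certificate.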
I have no Active Directory, only a Novell NDS and a Novell CA. I have tested this without a user certificate on the client. We only want to see if the verification of the server certificate works... In this case I got the error message with the EAP-TLS SSL handshake failure...