The certificate in the Trust List not found ACS 4.2

cristian.munoz
Level 4

Hi guys

I have a problem: after installing the certificate in the ACS (and restarting the ACS), the new certificate does not appear in the Trust List.

Any idea?

TIA

Cristian

10 Replies

Jatin Katyal
Cisco Employee

Hi Cristian,

I'd like to know where exactly you installed the certificate under system configuration > ACS certificate setup.

Only certificates installed under System Configuration > ACS Certificate Setup > ACS Certification Authority Setup will appear in the Certificate Trust List.

You may visit the below listed link for more detail.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/configuration/guide/peap_tls.html#wp999606

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Did you get a chance to check where exactly you installed the cert?

Let us know if you need any further assistance.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Hi Jatin

Thanks for your answer, but I don't know how to do this, because this is an ACS Appliance.

I'm looking for information to do this.

TIA

Cristian.

I don't think you need to perform any steps. My question was where exactly the certificate was installed.

Only certificates installed under System Configuration > ACS Certificate Setup > ACS Certification Authority Setup will appear in the Certificate Trust List.

If you've installed the certificate under system configuration > ACS certificate setup > Install certificate then that would not come up in the certificate Trust list.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Dear Jatin

I followed your recommendation and now it failed because the CA certificate is not installed.

Pls see the pictures.

TIA

Cristian

I guess your original query got resolved and now you can see the root CA certificate in the trust list and now you're unable to initiate the peap as an EAP method and getting an error message:

"Failed to initialize PEAP or EAP-TLS authentication protocol because CA certificate is not installed."

Well, this occurs for 2 reasons:

1.] The CA certificate is not installed properly. Did you restart the services under system configuration > services control?

2.] The intermediate or subordinate certificate was not installed and that is why you're unable to check Peap as an eap method.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin
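The second cause named in the reply above (a missing intermediate or subordinate CA certificate) can be checked offline with OpenSSL before anything is loaded into ACS. This is an added example, not part of the original thread and not a Cisco tool: it builds a constructed throwaway chain (root, intermediate, server) and shows that the server certificate only validates when the intermediate is supplied. All subjects, file names and function names are made up for the illustration.

```shell
#!/usr/bin/env bash
# Constructed demo PKI: root CA -> intermediate CA -> server certificate.
# Subjects and file names are invented for this example.

new_csr() {  # $1 = output basename, $2 = subject CN
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1.key" -out "$1.csr" 2>/dev/null
}

build_demo_pki() {  # $1 = working directory
  d=$1
  # Extensions that mark a certificate as a CA
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
    > "$d/ca.ext"
  new_csr "$d/root" "Demo Root CA"
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.pem" 2>/dev/null
  new_csr "$d/int" "Demo Intermediate CA"
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 2 -days 2 -extfile "$d/ca.ext" -out "$d/int.pem" 2>/dev/null
  new_csr "$d/server" "acs.example.test"
  openssl x509 -req -in "$d/server.csr" -CA "$d/int.pem" -CAkey "$d/int.key" \
    -set_serial 3 -days 2 -out "$d/server.pem" 2>/dev/null
}

chain_status() {  # $1 = trusted root, $2 = server cert, $3 = optional intermediates
  if [ -n "$3" ]; then
    if openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1; then
      echo complete; else echo incomplete; fi
  else
    if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then
      echo complete; else echo incomplete; fi
  fi
}

tmp=$(mktemp -d)
build_demo_pki "$tmp"
echo "root only:           $(chain_status "$tmp/root.pem" "$tmp/server.pem")"
echo "root + intermediate: $(chain_status "$tmp/root.pem" "$tmp/server.pem" "$tmp/int.pem")"
rm -rf "$tmp"
```

With real files, pass the root CA certificate, the ACS server certificate and a PEM bundle of the intermediates to `chain_status`; an `incomplete` result with the bundle present points to a missing or wrong CA certificate in the chain.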

You may refer to this link:

http://www.cisco.com/en/US/products/sw/secursw/ps208/products_configuration_example09186a0080545a29.shtml#tshoot

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Dear Jatin

I have a question: how many new certificates must appear in the Trust List?

TIA

Cristian

It will show you all intermediate and root CA certificates. Even if you change your CA and install a different chain, it will show that as well unless you manually delete them.

~BR
Jatin Katyal

**Do rate helpful posts**

~Jatin

Dear Jatin

Thanks again.

In this PEAP or EAP-TLS authentication process, what is the flow of traffic between the ACS and the CA or AD?

I need to discard FW issues.

TIA

Cristian