We are wanting to authenticate our internal wireless users using our Cisco ACS running 5.3. The ACS will poll our Active Directory environment for the username and password provided. I created a CSR on the ACS and provided it to Entrust. They provided me with a root, chain and server certificate. I bound the server certificate to the CSR under System Administration>Local Server Certificates>Local Certificates. I then added the chain and root certificates to the location Users and Identity Stores>Certificate Authorities. When I try to connect on a client laptop it asks for a username and password, but after entering that information I am presented with the below certificate warning. This certificate is from Entrust and I see the root certificate in the root store on the laptop. Any ideas what would cause this? TAC does not seem to have any answers. They say it is a client machine problem.
From the problem description, it's clear that you're attempting to connect a user on a wireless network via PEAP. From the ACS standpoint, your configuration looks good. However, I'd like to know which certificates you have installed on the client side. Do we have the complete chain installed on the client, including the root CA and intermediate (if any)? Would you mind emailing me your complete certificate chain for my reference?
Also, let me know what OS and supplicant we are running on the end client.