09-11-2013 10:29 AM - edited 02-21-2020 10:28 AM
We are wanting to authenticate our internal wireless users using our Cisco ACS running 5.3. The ACS will poll our Active Directory environment for the username and password provided. I created a CSR on the ACS and provided it to Entrust. They provided me with a root, chain and server certificate. I binded the server certificate to the CSR under System Administration>Local Server Certificates>Local Certificates. I then added the chain and root certificates to the location Users and Identity Stores>Certificate Authorities. When I try to connect on a client laptop it asks for a username and password but after entering that information I am presented with the below certificate warning. This certificate is from Entrust and I see the root certificate in the root store on the laptop. Any ideas what would cause this. TAC does not seem to have any answers. They say it is a client machine problem.
Solved! Go to Solution.
09-12-2013 07:26 PM
In case you'd like to verify the settings in your setup.
http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080bd1100.shtml
~BR
Jatin Katyal
**Do rate helpful posts**
09-12-2013 07:24 PM
From the problem description, it's clear that you're attempting to connect user on a wireless network via peap. From the ACS stand point, your configuration looks good. However, I'd like to know what all certificate have you installed on the client side. Do we have complete chain installed on the client that includes Root CA and intermediate (if any). Would you mind emailing me your complete certificate chain for my reference?
Also, let me know what OS and supplicant are we running on end client?
~BR
Jatin Katyal
**Do rate helpful posts**
09-12-2013 07:26 PM
In case you'd like to verify the settings in your setup.
http://www.cisco.com/en/US/products/ps10315/products_configuration_example09186a0080bd1100.shtml
~BR
Jatin Katyal
**Do rate helpful posts**
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: