New Member

EAP-TLS 802.1x certificate issue..

Hi All,

I'm trying to set up EAP-TLS 802.1x using ACS SE, WLC & CA. The problem I'm facing is with installing the CA certificate on the ACS appliance. Tried everything from the Cisco docs but not able to install the certificate as it's giving "Unsupported private key file format." The steps which I had performed are...

1) Generate Certificate Signing Request:

Certificate subject ---- CN=idea_acs_01

Private key file ---- privatekeyfile.pem

Private key password -- cisco

Retype private key password -- cisco

Key length --- 1024

Digest to sign with --- SHA1

Then copied the certificate signing request from the right side & pasted it on the CA using "advanced certificate request" & then the "Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7 file" option on the CA & pasted the output in Base-64-encoded certificate request. Then issued the certificate from the CA & downloaded it on my desktop & then from my desktop to the FTP server.

Even made a file naming privatekeyfile.pem with the output got during Generating Certificate Signing Request & uploaded the same on FTP.

2) Install ACS Certificate:

Then downloaded the certificate certnew.cer from the FTP server using the Download certificate file option. And also Download private key file from the FTP & typed password cisco. But after submitting, it gives the error:

"Unsupported private key file format."

I'm not able to get why this error is coming. Even tried all the steps above changing the format of the private key file, i.e. .pvk, .pk, but it's not working for me.

Can anyone guide me on what's the issue? Thanks in advance..



New Member

Re: EAP-TLS 802.1x certificate issue..

Hi All,

Still no reply from anyone on this issue.....



Hall of Fame Super Silver

Re: EAP-TLS 802.1x certificate issue..

Have you looked at this:

Try to open up the certificate and verify that it looks something like this:

*** Please rate helpful posts ***
New Member

Re: EAP-TLS 802.1x certificate issue..

I will check this as soon as I get back to the customer's place & revert back.. Thanks!!!

New Member

Re: EAP-TLS 802.1x certificate issue..

Is this an appliance? I don't think you have to upload the private key file on appliances. I believe it stores it. Just remember the password for it.

New Member

Re: EAP-TLS 802.1x certificate issue..

Ya, it's an appliance.. Do you mean to say that for an appliance I don't need to create a .pem or .pvk file & upload it using the FTP server.. what I need to do is just give the password which I used initially while generating the certificate during installing the CA certificate on the appliance..

New Member

Re: EAP-TLS 802.1x certificate issue..

Yes, that is what I am saying. You only download the ACS server cert and the CA server cert. For private, just specify a name and password and the field for the name will still be filled in when you install the ACS server cert. Don't change the name field, just enter the same password.

New Member

Re: EAP-TLS 802.1x certificate issue..


I ran into this same issue on the non-appliance ACS ver 4.2. After reading all the docs I ended up TAC'ing and it took a total of 5 minutes and we went about it a completely different way. This is the guide that was sent to me via TAC:

If you do a CSR, it's really quite simple. Once you take the CSR request and you input the information into your CA (I'm assuming Windows environment) you'll get a hash key back that you can then paste into ACS and you're done.
