EAP-TLS Certificate Installation

sdoherty · ‎05-11-2006

Hello,

I generated a certificate on my ACS - how do I add it to my windows PC wireless client so I can use it for EAP-TLS. On my windows PC I found certificate import wizard but the types supported are for .P7B, .PFX, .P12 file type and I believe the one on the ACS is a .ca file. Also how do I get it off the ACS for distribution. Thank You - Sean

fshiraishi · ‎05-11-2006

Hi,

Do you have an root CA into your network? Did you use this to generate the Server certificate for ACS or you have used "generate self-signed certificate" option to do that? Using self-signed certificate you'll can use PEAP authentication only. For EAP-TLS authentication, you need a root CA server to generate a server certificate to ACS and a client certificate to users. Server and CA certificate files must be in Base64-encoded X.509

format or DER-encoded binary X.509 format. Use SHA-1 and a key size of 1024.The windows server has a certificate service and you can use it to generate these files.

Regards,

sdoherty · ‎05-12-2006

ok - thanks. So now I am running PEAP - don't care which I run (PEAP - EAPFAST) as long as the tunnel setup is out of band - i.e. via .pac file or Certificate (don't have a securid which would also work for my security requirements). I have a certificate generated on my ACS so how do I get it to my laptop out of band like. I do not have a Windows CA server for EAP-TLS or PEAP. I just want to generate a certificate on my ACS and load it on my laptop and GO! _ thanks much

premdeep.banga · ‎05-12-2006

This should prove cure for your network security requirement :

http://www.cisco.com/en/US/customer/products/sw/secursw/ps2086/products_configuration_example09186a0080545a29.shtml

Go for "Self signed ceritificate" option, and in this link it also talks about how to intall it on a Client.

Let me know if it helps :)