Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

EAP-TLS Certificate Installation


I generated a certificate on my ACS - how do I add it to my windows PC wireless client so I can use it for EAP-TLS. On my windows PC I found certificate import wizard but the types supported are for .P7B, .PFX, .P12 file type and I believe the one on the ACS is a .ca file. Also how do I get it off the ACS for distribution. Thank You - Sean

  • Security and Network Management
New Member

Re: EAP-TLS Certificate Installation


Do you have an root CA into your network? Did you use this to generate the Server certificate for ACS or you have used "generate self-signed certificate" option to do that? Using self-signed certificate you'll can use PEAP authentication only. For EAP-TLS authentication, you need a root CA server to generate a server certificate to ACS and a client certificate to users. Server and CA certificate files must be in Base64-encoded X.509

format or DER-encoded binary X.509 format. Use SHA-1 and a key size of 1024.The windows server has a certificate service and you can use it to generate these files.


New Member

Re: EAP-TLS Certificate Installation

ok - thanks. So now I am running PEAP - don't care which I run (PEAP - EAPFAST) as long as the tunnel setup is out of band - i.e. via .pac file or Certificate (don't have a securid which would also work for my security requirements). I have a certificate generated on my ACS so how do I get it to my laptop out of band like. I do not have a Windows CA server for EAP-TLS or PEAP. I just want to generate a certificate on my ACS and load it on my laptop and GO! _ thanks much

New Member

Re: EAP-TLS Certificate Installation

This should prove cure for your network security requirement :

Go for "Self signed ceritificate" option, and in this link it also talks about how to intall it on a Client.

Let me know if it helps :)