Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

EAP_TLS with ACS 5.2 .Win2k3 as CA

Can anyone provide me a link or document for EAP-TLS with ACS 5.2 ?




New Member

 Initial Self-Signed

 Initial Self-Signed Certificate Generation

An automatically generated, self-signed certificate is placed in the Local Certificate store for each ACS server. This certificate is used to identify ACS for TLS-related EAP protocols and for HTTPS Management protocols.



Hi Salodh,

So this means, CA is not mandatory for EAP-TLS ?

Cisco Employee

EAP-TLS authentication

EAP-TLS authentication involves two elements of trust:

The EAP-TLS negotiation establishes end-user trust by validating, through RSA signature verifications, that the user possesses a keypair that a certificate signs.

This process verifies that the end user is the legitimate keyholder for a given digital certificate and the corresponding user identification in the certificate. However, trusting that a user possesses a certificate only provides a username-keypair binding.

Using a third-party signature, usually from a CA, that verifies the information in a certificate. This third-party binding is similar to the real-world equivalent of the stamp on a passport.

You trust the passport because you trust the preparation and identity-checking that the particular country's passport office made when creating that passport. You trust digital certificates by installing the root certificate CA signature.

CreatePlease to create content