Solved: Installing ACS Certificates for EAP-TLS Does not work - Page 2

kfarrington · ‎09-15-2008

Hi all,

I have two problems.

I Generated a ACS CSR and sent this to my windows people and they issued my ACS with a certificate. Cool.

I go to download it onto the ACS and I have to put a "Private key file" in?

What is this file? and where do I get it from? Is it that long string of characters that the CSR generate, that I sent to the windows boys?

Also, I did manage to just put any old rubbish in there? and I was suprised it accepted it.

Restarted the IS service and tried to enable eap-tls on the "global authentication setup" page to only get the message

Failed to initialize PEAP or EAP-TLS authentication protocol because CA

certificate is not installed. Install the CA certificate using "ACS

Certification Authority Setup" page"

Now I am a little confused, as is this because if have setup the ACS incorrectly, because of my mis-understanding of what this private key file is and how it relates to whatever?

Many thx indeed,

Ken

kfarrington · ‎09-19-2008

yes we have :)

I think it is either complaining the the SAN is not populated on the cert or the placement of the cert itself. will update :)

gonna use a util call certreg.exe as this has been a problem before. I did not know that windows had such debugging features :)

Thx man

Ken

knik-knik · ‎09-19-2008

It's nice to have an EAP-TLS implementation in your WLAN. But not until your clients' certificate expire. You will have to re enroll them again ONE by ONE, what if you got hundreds of users in your company, it is really quite difficult to maintain.

Does anyone knows how to overcome this?

Thanks.