New Member

Local EAP with SHA256 certificates

We are using a third-party certification authority (Entrust) and the certificates generated by the CA are SHA256 certificates.  I see ACS does not currently support the SHA 256 certs, but TAC says software versions 7.3x and above on the WLC do support the certs.  The certificates also have the Extended Key Usage (EKU) marked as critical.  I am using software version 7.4.0.100 on the WLC without success; however, SHA1 certificates work fine.  Anyone currently using SHA256 certificates with Local-EAP?

4 REPLIES
Hall of Fame Super Silver

Local EAP with SHA256 certificates

I didn't think sha256 was supported.  I would ask for the doc that specifies the WLC can use sha256 and custom EKUs, which I also don't think are supported.

Thanks,

Scott

Help out others by using the rating system and marking answered questions as "Answered"


Local EAP with SHA256 certificates

Do you have an issue installing the SHA256 cert, or is it installed successfully but not working?

Or are you not able to install it?
I remember that with earlier code (7.0) those could not be installed, and you can see a message indicating that the cert is not supported if you enable (debug transfer....) during the installation process.

Try the debug and see what it says.

Rating useful replies is more useful than saying "Thank you"

New Member

Local EAP with SHA256 certificates

I have no problem installing the SHA256 certificates.  Even with software version 7.0.235.5 on the WLC I can install the vendor CA and device certificate.  Once installed the certs show up correctly in the GUI and when I run the sh local-auth certs command.

Hall of Fame Super Silver

Local EAP with SHA256 certificates

So you are able to install the cert, but it's not working when using local EAP?

Thanks,

Scott

Help out others by using the rating system and marking answered questions as "Answered"
