Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

PEAP, ACS, Aironet, and W2K CA

I would like to ask if anyone knows of a resource that effectively spells out how to configure and use Microsoft CA services to issues valid certs for a PEAP implementation using a W2K installation of ACS 3.1, Aironet 1220 wireless access points, and the 6.x ACU. The only documentation I could find on the Cisco site is poorly lacking. My ACS TAC engineer wrote up his own documentation, but following these directions, I install only root certs, not server certs. I cannot get an authoritative answer to simple questions, such as what node gets what kind of cert, and etc.

Thank you,

Paul Dieterich


Re: PEAP, ACS, Aironet, and W2K CA

New Member

Re: PEAP, ACS, Aironet, and W2K CA

I ran into the same issue when first attempting to configure PEAP. I also received some PEAP configuration documents from TAC which was pretty straightforward but I also ran into some "gotchas" with it. The way that I configured the CA server was as a Standalone Root CA, generated a private key using ACS, and then pasted the private key generated from the ACS server into the Advanced Certificate Request Form as a Base64 Encoded Certificate Request so I could then download and install the issued certificate to the ACS server. Once that was completed, I configured my APs and then generated the client certificates and installed them for the clients. One of the big "gotchas" that I ran into was concerning the supplicants (clients). Windows 2K clients must install a Microsoft "Hot-Fix" or patch in order to select the authentication type with their Network Properties and select specific certificate settings. I've got some documentation on this, if you would like for me to pass it along.

Hope this helps.


CreatePlease to create content