
PEAP, ACS and certificates

loobitize
Level 1

We recently purchased a Cisco 4200 LAN Controller and 1131ag access points. We also have a Cisco ACS with 3.3.3 installed. I have been researching what is the best security option and PEAP MSCHAPv2 with WPA2 seems to make the most sense for us since it is highly secure and does not require client-side certificates. I am running into a bit of trouble with this implementation because we do not have an in-house CA. Can I install a certificate from a third party, such as VeriSign, on the ACS? What type of certificate do I need? Do I need to use the Cisco client utility or can I just use Windows with the built-in laptop wireless adapters?

thanks


scottmac
Level 10

ACS can generate a "self-signed" certificate. For many/most security implementations, it is sufficient.

If you want to go with a third-party cert (like VeriSign), talk to them and see what they offer. They may have a package price for a variety of certificates (server-side auth, email verification ...).

The MS wireless driver should work fine, but make sure you are using XP w/ Service Pack 2 on the clients. If you have Win2K, *nix, or (probably, maybe?) Mac, you'll want/need to use the Cisco drivers & client application.

Good Luck

Scott

The only reason I wanted to go with a third party like VeriSign is because the Windows clients would already trust a cert from them. How do I get my Windows clients to trust the self-generated cert?

The Windows clients will trust them if they trust the root CA. A trusts B, B trusts C, so therefore A trusts C.

1. Install Root Cert on ACS box.
2. Install Identity Cert on ACS.
3. Make sure your Windows clients trust the root from where you received the identity cert for your ACS box.

BTW: The self signed cert from ACS is only good for 1 year.

Were you aware that Cert services are offered with Windows 2000/2003 server? It's fairly easy to set up. One drawback with 2003 is that you have to create a web template for the cert for ACS, but there are plenty of docs out there. Search for "ACS Certificate Windows PEAP". Just post again if you have any questions...
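
The root/identity trust chain described in the replies above, as an added example that is not part of the original thread: it uses OpenSSL as a stand-in lab CA (the thread suggests Windows Certificate Services or a commercial CA) and checks that a server certificate is accepted only when the verifier holds the root that issued it. The CA name, the host name `acs.example.test`, the key sizes and the lifetimes are constructed values.

```shell
#!/bin/sh
# Added lab example. All names, lifetimes and key sizes are constructed.

# Minimal OpenSSL config so the result does not depend on the system openssl.cnf.
write_conf() {
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
commonName = Common Name
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[v3_server]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
EOF
}

# Build a root CA and a server ("identity") certificate signed by it in dir $1.
make_chain() {
    d=$1
    write_conf "$d" || return 1
    # Root CA: the certificate every wireless client has to import as trusted.
    openssl req -x509 -config "$d/ca.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
        -days 3650 -subj "/CN=Example Lab Root CA" \
        -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null || return 1
    # Key pair and signing request for the RADIUS server.
    openssl req -new -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=acs.example.test" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null || return 1
    # Root signs the request; the result carries the Server Authentication EKU.
    openssl x509 -req -in "$d/server.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$d/ca.cnf" -extensions v3_server \
        -out "$d/server.pem" 2>/dev/null || return 1
}

# Exit 0 only if server cert $2 chains to trusted root $1 for server authentication.
client_trusts() {
    openssl verify -purpose sslserver -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() {
    a=$(mktemp -d) && b=$(mktemp -d) && make_chain "$a" && make_chain "$b" || return 1
    client_trusts "$a/root.pem" "$a/server.pem" && echo "issuing root imported: trusted"
    client_trusts "$b/root.pem" "$a/server.pem" || echo "different root only: rejected"
    rm -rf "$a" "$b"
}
demo
```

The second check fails even though both lab roots share the same subject name, because the signature on the server certificate only validates under the key of the root that issued it.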
