Cisco Support Community

How to Generate Self Signed Certificate on ACS 5.1 for PEAP authentication





This document describes how to generate a self-signed certificate to secure wireless access using Wireless LAN Controllers and Cisco Secure Access Control Server (ACS) 5.1 via Protected Extensible Authentication Protocol (PEAP) with Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) version 2.


Network Diagram






Generate a self signed certificate on ACS 5.1


Go to System Administrator --> Configuration --> Local Server Certificates --> Local Certificates. Click Add in order to create a new self-signed certificate.







In Step 1, under Server Certificate Creation Method, select "Generate Self Signed certificate". With this option selected, ACS generates a self-signed certificate. Click Next.







In Step 2, add the following information:

    • Certificate subject
    • Key length
    • Expiration TTL


Under the Protocol section, check the box for "EAP: Used for EAP protocols that use SSL/TLS tunneling".






Click Finish. The new self-signed certificate is now available under Local Certificates.
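
As an added example (not part of the original document and not a Cisco tool), the following script uses the openssl CLI to check a PEM copy of the new certificate against the three Step 2 fields: subject, key length and expiration. It assumes the certificate has been exported from ACS in PEM form; the sample certificate it generates, the subject acs.example.test and the 2048-bit / 30-day thresholds are assumed values for illustration.

```shell
#!/bin/sh
# Added example (not from the original document): audit a PEM export of the
# ACS local certificate against the three Step 2 fields.

# Constructed sample standing in for the ACS export; the subject
# CN=acs.example.test, 2048-bit key and 365-day TTL are assumed values.
make_sample_cert() {  # usage: make_sample_cert <out.pem> <cn> <bits> <days>
  openssl req -x509 -newkey "rsa:$3" -nodes -sha256 -days "$4" \
    -subj "/CN=$2" -keyout "$1.key" -out "$1" 2>/dev/null
  rm -f "$1.key"
}

# Prints subject, key length, expiry and self-signed status; returns non-zero
# if the key is shorter than <min_bits> or expiry is within <min_days>.
audit_cert() {  # usage: audit_cert <cert.pem> <min_bits> <min_days>
  pem=$1 min_bits=$2 min_days=$3 rc=0
  subject=$(openssl x509 -in "$pem" -noout -subject -nameopt RFC2253) || return 2
  issuer=$(openssl x509 -in "$pem" -noout -issuer -nameopt RFC2253)
  bits=$(openssl x509 -in "$pem" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
  not_after=$(openssl x509 -in "$pem" -noout -enddate)
  echo "subject:     ${subject#subject=}"
  echo "key length:  ${bits:-unknown} bits"
  echo "expires:     ${not_after#notAfter=}"
  # A self-signed certificate names itself as issuer.
  if [ "${subject#subject=}" = "${issuer#issuer=}" ]; then
    echo "self-signed: yes (issuer equals subject)"
  else
    echo "self-signed: no"
  fi
  if [ "${bits:-0}" -lt "$min_bits" ]; then
    echo "FAIL: key shorter than $min_bits bits"; rc=1
  fi
  # -checkend exits non-zero when the certificate expires within N seconds.
  if ! openssl x509 -in "$pem" -noout -checkend $((min_days * 86400)) >/dev/null; then
    echo "FAIL: expires within $min_days days"; rc=1
  fi
  return $rc
}

tmp=$(mktemp -d)
make_sample_cert "$tmp/acs.pem" acs.example.test 2048 365
audit_cert "$tmp/acs.pem" 2048 30
```

To check a real export, call audit_cert with the path of the exported PEM file in place of the generated sample.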


In order to enable PEAP authentication, go to Access Policies --> Access Services --> Default Network Access, edit Default Network Access, and check "Allow PEAP" under Authentication Protocols. Also check "Allow EAP-MS-CHAPv2".






Click Submit in order to save the changes.


For information on certificate installation using a third-party certificate authority, you can check the reference below.


Reference Link


PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server

Version history
Revision #: 2 of 2
Last update: 08-29-2017 05:56 AM