
How to Generate a Self-Signed Certificate on ACS 5.1 for PEAP Authentication

 

 

Introduction

 

This document describes how to generate a self-signed certificate to secure wireless access using Wireless LAN Controllers and Cisco Secure Access Control Server (ACS) 5.1 via Protected Extensible Authentication Protocol (PEAP) with Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) version 2.

 

Network Diagram

 

 

6.jpg

 

 

Generate a self signed certificate on ACS 5.1

 

Go to System Administrator --> Configuration --> Local Server Certificates --> Local Certificates. Click Add in order to create a new self-signed certificate.

 

 

1.jpg

 

 

 

In Step 1, under Server Certificate Creation Method, select "Generate Self Signed Certificate". With this option selected, ACS generates a self-signed certificate. Click Next.

 

 

 

2.jpg

 

 

In Step 2, enter the following information:

    • Certificate subject
    • Key length
    • Expiration TTL

 

Under the Protocol section, check the box for "EAP: Used for EAP Protocols that use SSL/TLS Tunneling".

 

 

3.jpg

 

 

Click Finish. The new self-signed certificate is now available under Local Certificates.
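The three Step 2 fields (certificate subject, key length, expiration TTL) can be checked on any PEM copy of the certificate with the openssl command line. The script below is an added example, not part of the original document or of any Cisco tooling; the function names, the acs.example.test subject and the 2048-bit / 90-day thresholds are assumptions, and the sample certificate is constructed locally to stand in for one exported from ACS.

```bash
#!/usr/bin/env bash
# Added example: audit subject, key length and remaining lifetime of a PEM cert.

# Build a constructed self-signed certificate standing in for an ACS export.
make_sample_cert() {  # args: out.pem common-name key-bits ttl-days
  openssl req -x509 -newkey "rsa:$3" -nodes -sha256 -days "$4" \
    -subj "/CN=$2" -keyout "$1.key" -out "$1" 2>/dev/null
  rm -f "$1.key"      # the private key is not needed for the audit
}

cert_field() {  # args: cert.pem subject|issuer
  openssl x509 -in "$1" -noout "-$2" | sed "s/^$2= *//"
}

cert_key_bits() {  # args: cert.pem; prints the public key size in bits
  openssl x509 -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

cert_valid_for_days() {  # args: cert.pem days; true if still valid by then
  openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

audit_cert() {  # args: cert.pem min-key-bits min-days-left; returns finding count
  findings=0
  bits=$(cert_key_bits "$1")
  echo "subject: $(cert_field "$1" subject) (key: $bits bit)"
  if [ "$(cert_field "$1" subject)" = "$(cert_field "$1" issuer)" ]; then
    echo "note: self-signed (issuer equals subject)"
  fi
  if [ "$bits" -lt "$2" ]; then
    echo "FINDING: key is shorter than $2 bits"; findings=$((findings + 1))
  fi
  if ! cert_valid_for_days "$1" "$3"; then
    echo "FINDING: expires within $3 days"; findings=$((findings + 1))
  fi
  return "$findings"
}

# Demo on constructed input: 2048-bit key, 365-day TTL, audited against
# assumed thresholds of 2048 bits and 90 days of remaining validity.
tmp=$(mktemp -d)
trap 'rm -rf "$tmp"' EXIT
make_sample_cert "$tmp/acs.pem" acs.example.test 2048 365
audit_cert "$tmp/acs.pem" 2048 90 || echo "findings: $?"
```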

 

In order to enable PEAP authentication, go to Access Policies --> Access Services --> Default Network Access, edit Default Network Access and check "Allow PEAP" under Authentication Protocols. Also check "Allow EAP-MS-CHAPv2".

 

 

5.jpg

 

 

Click Submit in order to save the changes.

 

For information on certificate installation using a third-party certificate authority, see the reference link below.

 

Reference Link

 

PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server

Version history
Revision #: 2 of 2
Last update: 08-29-2017 05:56 AM