https://community.cisco.com/t5/network-access-control/rejected-acs-local-certificate-with-surrogate-ca/m-p/2051991#M172124 <HTML><HEAD></HEAD><BODY><P>Jesus,</P><P></P><P>Are you saying that the ACS cert is signed or is it a self signed certificate?</P><P></P><P>Thanks,</P><P></P><P></P><P>Tarik Admani <BR />*Please rate helpful posts*</P></BODY></HTML> Fri, 02 Nov 2012 21:06:45 GMT Tarik Admani 2012-11-02T21:06:45Z https://community.cisco.com/t5/network-access-control/rejected-acs-local-certificate-with-surrogate-ca/m-p/2051990#M172119 <P>I'm going crazy because of clients rejecting ACS certificate.</P><P></P><P>I have deployed successfully one ACS 5.2 in a HQ with EAP-TLS and PEAP and everything is working fine. There is only one main CA.</P><P></P><P>Problem is while deploying another ACS 5.2 against another AD with surrogate CAs. I'm getting an error with "<SPAN style="color: #ff0000;"><STRONG>12520 EAP-TLS failed SSL/TLS handshake because the client rejected the ACS local-certificate</STRONG></SPAN>". The clients has the ACS self signed certificate loaded as well as the surrogate CA and the user certificate.</P><P></P><P>Any suggestion would be appreciated.</P> Mon, 11 Mar 2019 02:44:38 GMT https://community.cisco.com/t5/network-access-control/rejected-acs-local-certificate-with-surrogate-ca/m-p/2051990#M172119 JPavonM 2019-03-11T02:44:38Z https://community.cisco.com/t5/network-access-control/rejected-acs-local-certificate-with-surrogate-ca/m-p/2051991#M172124 <HTML><HEAD></HEAD><BODY><P>Jesus,</P><P></P><P>Are you saying that the ACS cert is signed or is it a self signed certificate?</P><P></P><P>Thanks,</P><P></P><P></P><P>Tarik Admani <BR />*Please rate helpful posts*</P></BODY></HTML> Fri, 02 Nov 2012 21:06:45 GMT https://community.cisco.com/t5/network-access-control/rejected-acs-local-certificate-with-surrogate-ca/m-p/2051991#M172124 Tarik Admani 2012-11-02T21:06:45Z https://community.cisco.com/t5/network-access-control/rejected-acs-local-certificate-with-surrogate-ca/m-p/2051992#M172128 <HTML><HEAD></HEAD><BODY><P>We have generated a certificate in ACS and it has been signed by the CA.</P><P></P><P>Then, in Certification authorities we have added both ACS signed certificate and CA certificate (trusted for EAP clients) with its corresponding CRL.</P></BODY></HTML> Mon, 05 Nov 2012 10:00:51 GMT https://community.cisco.com/t5/network-access-control/rejected-acs-local-certificate-with-surrogate-ca/m-p/2051992#M172128 JPavonM 2012-11-05T10:00:51Z