topic ACS 5.2 and EAP-TLS in Network Access Control https://community.cisco.com/t5/network-access-control/acs-5-2-and-eap-tls/m-p/1702158#M232700 <P>I am trying to set up EAP-TLS authentication for my wireless access points, but I can't sign my ACS certificate with my enterprise CA certificate.</P><P></P><P>If I generate a self-signed certificate on the ACS server, and try to sign it on my CA, I get an ASN tag error.&nbsp; It looks like that is because the ACS server is not in the certificate path of the CA server.</P><P></P><P>If I generate a certificate on the CA and try to import it into ACS, I get a "unable to parse certificate" error.&nbsp; Is there a way to edit the Certificate Trust List in 5.2?&nbsp; It looks like that was possible with 4.2, but not with the latest version.</P><P></P><P>Does anyone have any ideas what the right procedure is?&nbsp; I've read that you do not need the private key to sign it, but with or without it, it didn't work.</P><P></P><P>I used Openssl to extract and combine the certificates and keys.</P> Mon, 11 Mar 2019 01:11:08 GMT raymondhugh 2019-03-11T01:11:08Z ACS 5.2 and EAP-TLS https://community.cisco.com/t5/network-access-control/acs-5-2-and-eap-tls/m-p/1702158#M232700 <P>I am trying to set up EAP-TLS authentication for my wireless access points, but I can't sign my ACS certificate with my enterprise CA certificate.</P><P></P><P>If I generate a self-signed certificate on the ACS server, and try to sign it on my CA, I get an ASN tag error.&nbsp; It looks like that is because the ACS server is not in the certificate path of the CA server.</P><P></P><P>If I generate a certificate on the CA and try to import it into ACS, I get a "unable to parse certificate" error.&nbsp; Is there a way to edit the Certificate Trust List in 5.2?&nbsp; It looks like that was possible with 4.2, but not with the latest version.</P><P></P><P>Does anyone have any ideas what the right procedure is?&nbsp; I've read that you do not need the private key to sign it, but with or without it, it didn't work.</P><P></P><P>I used Openssl to extract and combine the certificates and keys.</P> Mon, 11 Mar 2019 01:11:08 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-and-eap-tls/m-p/1702158#M232700 raymondhugh 2019-03-11T01:11:08Z ACS 5.2 and EAP-TLS https://community.cisco.com/t5/network-access-control/acs-5-2-and-eap-tls/m-p/1702159#M232778 <HTML><HEAD></HEAD><BODY><P>The certificate trust list can be modified at the following location:</P><P></P><P></P><P>Users and Identity Stores &gt; Certificate Authorities</P><P></P><P>This is the list of certificate authorities and each can be marked as to whether they are trusted for EAP-TLS</P></BODY></HTML> Sun, 26 Jun 2011 07:01:30 GMT https://community.cisco.com/t5/network-access-control/acs-5-2-and-eap-tls/m-p/1702159#M232778 jrabinow 2011-06-26T07:01:30Z