https://community.cisco.com/t5/network-access-control/acs-4-0-eap-tls-cert-not-working/m-p/1230370#M353356 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>For EAP-TLS to work you have to use external CA setup such as Microsoft or Rapid SSL etc.,and Self generated certificates in ACS supports PEAP but not EAP-TLS.</P><P></P><P>HTH</P><P>Ahmed</P></BODY></HTML> Wed, 01 Apr 2009 07:31:55 GMT sahmedshahcsd 2009-04-01T07:31:55Z https://community.cisco.com/t5/network-access-control/acs-4-0-eap-tls-cert-not-working/m-p/1230369#M353355 <P>Hey,</P><P></P><P>so i generated my certificate signing request, took it to my CA, got a cert. From "ACS Certification Authority Setup" i installed it onto my ACS appliance, then from "Install ACS Certificate" installed it (it prepopulated the privkey and password so i assume it got that from the cert file). I then add the CA from the "Edit Certificate Trust List". All this goes off without a hitch.</P><P></P><P>However when i try to add the "Certificate Revocation List" I am unable to add both LDAP:\\\ and <A class="jive-link-custom" href="http://" target="_blank">http://</A>. I have confirmed that the <A class="jive-link-custom" href="http://" target="_blank">http://</A> is working on the CA, and every indication is that the ldap is working too but i don't know of the tools to test that with.</P><P></P><P>When i go into "System Configuration"-&gt;"Global Authentication Setup"-&gt;"Allow EAP-TLS" i get the following error. </P><P></P><P>Failed to initialize PEAP or EAP-TLS authentication protocol because CA certificate is not installed. Install the CA certificate using "ACS Certification Authority Setup" page.</P><P></P><P>What exactly is not installed about the Certificate? it's on the ACS server, it's configured and the date range is correct.</P><P></P><P>I've been banging my head against this all day and could use some suggestions. <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span></P><P></P><P></P> Sun, 10 Mar 2019 23:24:37 GMT https://community.cisco.com/t5/network-access-control/acs-4-0-eap-tls-cert-not-working/m-p/1230369#M353355 thanmad 2019-03-10T23:24:37Z https://community.cisco.com/t5/network-access-control/acs-4-0-eap-tls-cert-not-working/m-p/1230370#M353356 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>For EAP-TLS to work you have to use external CA setup such as Microsoft or Rapid SSL etc.,and Self generated certificates in ACS supports PEAP but not EAP-TLS.</P><P></P><P>HTH</P><P>Ahmed</P></BODY></HTML> Wed, 01 Apr 2009 07:31:55 GMT https://community.cisco.com/t5/network-access-control/acs-4-0-eap-tls-cert-not-working/m-p/1230370#M353356 sahmedshahcsd 2009-04-01T07:31:55Z https://community.cisco.com/t5/network-access-control/acs-4-0-eap-tls-cert-not-working/m-p/1230371#M353357 <HTML><HEAD></HEAD><BODY><P>Yes, i am using Microsoft's CA which is why when i explained my issue i said that i took it to my CA to create the cert.</P></BODY></HTML> Wed, 01 Apr 2009 14:15:06 GMT https://community.cisco.com/t5/network-access-control/acs-4-0-eap-tls-cert-not-working/m-p/1230371#M353357 thanmad 2009-04-01T14:15:06Z https://community.cisco.com/t5/network-access-control/acs-4-0-eap-tls-cert-not-working/m-p/1230372#M353358 <HTML><HEAD></HEAD><BODY><P>Then it is not a root CA. You seems to be generation cert from Intermediate CA.</P><P></P><P></P><P></P><P>Regards,</P><P>~JG</P><P></P><P>Do rate helpful posts</P><P></P><P></P><P></P></BODY></HTML> Wed, 01 Apr 2009 14:26:15 GMT https://community.cisco.com/t5/network-access-control/acs-4-0-eap-tls-cert-not-working/m-p/1230372#M353358 Jagdeep Gambhir 2009-04-01T14:26:15Z https://community.cisco.com/t5/network-access-control/acs-4-0-eap-tls-cert-not-working/m-p/1230373#M353359 <HTML><HEAD></HEAD><BODY><P>Yes, i am using Microsoft's CA which is why when i explained my issue i said that i took it to my CA to create the cert.</P></BODY></HTML> Wed, 01 Apr 2009 14:34:14 GMT https://community.cisco.com/t5/network-access-control/acs-4-0-eap-tls-cert-not-working/m-p/1230373#M353359 thanmad 2009-04-01T14:34:14Z https://community.cisco.com/t5/network-access-control/acs-4-0-eap-tls-cert-not-working/m-p/1230374#M353360 <HTML><HEAD></HEAD><BODY><P>Please check if your CA is a ROOT CA or Intermediate CA.</P><P></P><P></P></BODY></HTML> Wed, 01 Apr 2009 14:50:40 GMT https://community.cisco.com/t5/network-access-control/acs-4-0-eap-tls-cert-not-working/m-p/1230374#M353360 Jagdeep Gambhir 2009-04-01T14:50:40Z https://community.cisco.com/t5/network-access-control/acs-4-0-eap-tls-cert-not-working/m-p/1230375#M353361 <HTML><HEAD></HEAD><BODY><P>I looked into it, this is the root CA for our organization, it contains all the certificates we are using in our organization. I'm at a loss. </P><P></P><P>Is there anything i can look at, debugs, logs etc to see an actual error message?</P></BODY></HTML> Wed, 01 Apr 2009 15:32:41 GMT https://community.cisco.com/t5/network-access-control/acs-4-0-eap-tls-cert-not-working/m-p/1230375#M353361 thanmad 2009-04-01T15:32:41Z https://community.cisco.com/t5/network-access-control/acs-4-0-eap-tls-cert-not-working/m-p/1230376#M353362 <HTML><HEAD></HEAD><BODY><P>Ok, i now understand it a little better. I needed to install 2 certificates. the first being the Root CA's certificate in the "ACS Certification Authority Setup" section (i mistakenly thought this was simply where i download my generated cert for the next spot.</P><P></P><P>The second cert is the one i generated using "Generate Certificate Signing Request", i then took that to my Root CA, generated a cert and installed that along with the private key under "Install ACS Certificate".</P><P></P><P>Thanks for pointing me in the right direction since the error i was getting wasnt helpful to me.</P></BODY></HTML> Wed, 01 Apr 2009 16:31:41 GMT https://community.cisco.com/t5/network-access-control/acs-4-0-eap-tls-cert-not-working/m-p/1230376#M353362 thanmad 2009-04-01T16:31:41Z