https://community.cisco.com/t5/network-access-control/acs-cert/m-p/1503863#M377747 <HTML><HEAD></HEAD><BODY><PRE><SPAN style="color: #800000; font-size: 10pt;">This happens when we are missing some kind of certificate on the ACS. As you stated that you have installed the certificates and still you are <BR />getting this error.<BR /><BR />Most of the times I came across this error message when we don't have CA or Intermediate<BR />certificate installed on the ACS certificate store.<BR /><BR />Make sure that you have checked the certificate under certificate trust list. Also, restart the acs services and then try.<BR /><BR />Regds,<BR />JK<BR /><BR />Do rate helpful posts<BR /><BR /></SPAN></PRE></BODY></HTML> Wed, 16 Jun 2010 01:40:55 GMT Jatin Katyal 2010-06-16T01:40:55Z https://community.cisco.com/t5/network-access-control/acs-cert/m-p/1503862#M377745 <P>Hello,</P><P></P><P>I am having a hard time getting my cert to work right on the ACS for PEAP. I have acs 4.2 se.&nbsp; I have a 3rd party .pem. certificate</P><P> I have loaded it into the install acs cert as the cert file and private key. I have also loaded into the authority setup, but after the reboot when I try to enable peap and eap-tls I get this error Failed to initialize PEAP or EAP-TLS authentication protocol because ACS certificate is not installed. I am not real knowledgeable about certificates so I am sure it is something simple I am doing wrong. Please help! Thanks in advance</P> Mon, 11 Mar 2019 00:11:30 GMT https://community.cisco.com/t5/network-access-control/acs-cert/m-p/1503862#M377745 kirbus_inc 2019-03-11T00:11:30Z https://community.cisco.com/t5/network-access-control/acs-cert/m-p/1503863#M377747 <HTML><HEAD></HEAD><BODY><PRE><SPAN style="color: #800000; font-size: 10pt;">This happens when we are missing some kind of certificate on the ACS. As you stated that you have installed the certificates and still you are <BR />getting this error.<BR /><BR />Most of the times I came across this error message when we don't have CA or Intermediate<BR />certificate installed on the ACS certificate store.<BR /><BR />Make sure that you have checked the certificate under certificate trust list. Also, restart the acs services and then try.<BR /><BR />Regds,<BR />JK<BR /><BR />Do rate helpful posts<BR /><BR /></SPAN></PRE></BODY></HTML> Wed, 16 Jun 2010 01:40:55 GMT https://community.cisco.com/t5/network-access-control/acs-cert/m-p/1503863#M377747 Jatin Katyal 2010-06-16T01:40:55Z https://community.cisco.com/t5/network-access-control/acs-cert/m-p/1503864#M377749 <HTML><HEAD></HEAD><BODY><P>I think I have gotten that part to work now because it lets me enable EAP. However on my wireless client</P><P>it gives an error of Could not authenticate. Int he log it says authentication failed</P><P>during SSL handshake</P></BODY></HTML> Wed, 16 Jun 2010 15:51:33 GMT https://community.cisco.com/t5/network-access-control/acs-cert/m-p/1503864#M377749 kirbus_inc 2010-06-16T15:51:33Z https://community.cisco.com/t5/network-access-control/acs-cert/m-p/1503865#M377753 <HTML><HEAD></HEAD><BODY><P><SPAN style="color: #800000; font-size: 10pt;">Well, this error message says that there is certicate missing in the chain. Please check and make sure that you have full cert chain installed on theACS.</SPAN></P><P><SPAN style="color: #800000; font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="color: #800000; font-size: 10pt;">BTW. what eap type you are using?</SPAN></P><P><SPAN style="color: #800000; font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="color: #800000; font-size: 10pt;">Also, do we have validate server certificate option checked on the client side? If it is, please uncheck that option and try again.</SPAN></P><P><SPAN style="color: #800000; font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="color: #800000; font-size: 10pt;">Rgds,</SPAN></P><P><SPAN style="color: #800000; font-size: 10pt;">JK</SPAN></P><P></P><P><SPAN style="color: #800000; font-size: 10pt;"><BR /></SPAN></P><P><SPAN style="color: #800000; font-size: 10pt;">Do rate helpful posts-<BR /></SPAN></P></BODY></HTML> Wed, 16 Jun 2010 16:06:27 GMT https://community.cisco.com/t5/network-access-control/acs-cert/m-p/1503865#M377753 Jatin Katyal 2010-06-16T16:06:27Z https://community.cisco.com/t5/network-access-control/acs-cert/m-p/1503866#M377754 <HTML><HEAD></HEAD><BODY><P>Here is what I have selected under Global Authentication Setup</P><P></P><P>PEAP</P><P>&nbsp;&nbsp;&nbsp;&nbsp; Allow Posture Validation</P><P></P><P>PEAP session timeout (minutes) 120</P><P>Enable Fast Reconnect</P><P></P><P>EAP-TLS</P><P>&nbsp;&nbsp;&nbsp;&nbsp; Allow EAP-TLS</P><P>&nbsp;&nbsp;&nbsp;&nbsp; Certificate CN Comparison</P><P></P><P>Use Outer Identity</P><P></P><P>LEAP allow Leap (for Aironet only)</P><P>EAP-MD5 (Allow EAP-MD5)</P><P></P><P>MS-CHAP config</P><P>Allow ms-chapv1 authentication</P><P>Allow ms-chapv2 authentication</P><P></P><P>On the client under wireless properties</P><P></P><P>Network Authentication is Open</P><P>Data Encryption is WEP</P><P>check is key is provided for me authomatically</P><P></P><P>On the authenticaiton tab I have enable 1EEE 802.1x authentication network access for this network</P><P></P><P>I have had EAP type as smart card or certificate and have had vaildate server cert check and unchecked</P><P></P><P>I have also selected Protected EAP (PEAP) instead of smart card or certificate and get a ssl handshake error on te acs logs</P></BODY></HTML> Wed, 16 Jun 2010 16:30:49 GMT https://community.cisco.com/t5/network-access-control/acs-cert/m-p/1503866#M377754 kirbus_inc 2010-06-16T16:30:49Z