
ACS 5.2 and EAP-TLS

raymondhugh
Level 1

I am trying to set up EAP-TLS authentication for my wireless access points, but I can't sign my ACS certificate with my enterprise CA certificate.

If I generate a self-signed certificate on the ACS server, and try to sign it on my CA, I get an ASN tag error.  It looks like that is because the ACS server is not in the certificate path of the CA server.

If I generate a certificate on the CA and try to import it into ACS, I get an "unable to parse certificate" error. Is there a way to edit the Certificate Trust List in 5.2? It looks like that was possible with 4.2, but not with the latest version.

Does anyone have any ideas what the right procedure is?  I've read that you do not need the private key to sign it, but with or without it, it didn't work.

I used OpenSSL to extract and combine the certificates and keys.

1 Reply

jrabinow
Level 7

The certificate trust list can be modified at the following location:

Users and Identity Stores > Certificate Authorities

This is the list of certificate authorities, and each can be marked as to whether they are trusted for EAP-TLS.