
ACS 5 EAP-TLS

nhan.duong
Level 1

How do we add a trust authority on ACS 5? We also get an error when the client authenticates by EAP-TLS.

12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain

This sounds like the Trust Authority on the client is not matching the one on the ACS server, is that right?

Thanks,

2 Replies

jorge.novo
Level 1

Hi,

Seems to be that, or also you have not installed the CA in the ACS.

CA Certificate
    |________ Server Certificate
    |________ Client certificate

Ensure that the certificate authority that signed the client's certificate is correctly installed in the Certificate Authorities page (Users and Identity Stores: Certificate Authorities). Check the OpenSSLErrorMessage and OpenSSLErrorStack for more information. If CRL is configured, check the System Diagnostics for possible CRL downloading faults.

Regards

jedubois
Cisco Employee

You are correct, the ACS doesn't have the CA for the client certificate being presented. This can be added under Users and Identity Stores -> Certificate Authorities. If it is a multi-tiered CA, you can add each certificate in the chain here.

--Jesse
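
The point made in the replies can be checked outside ACS. The script below is an added example, not part of the original thread: it builds a constructed two-tier lab PKI with the openssl CLI and verifies the client certificate against a trust list with and without the issuing CA. All names and files (Lab Root CA, Lab Issuing CA, lab-client, lab.cnf) are made up, and `openssl verify` only stands in for the server-side chain check.

```bash
#!/usr/bin/env bash
# Constructed lab PKI (all names made up): Lab Root CA -> Lab Issuing CA -> lab-client.
# openssl verify stands in for the server-side chain check; this is not ACS itself.

make_lab_pki() {  # $1 = writable working directory
  local d=$1
  printf '%s\n' '[req]' 'distinguished_name = dn' '[dn]' 'CN = unused' \
    '[ca]' 'basicConstraints = critical,CA:TRUE' \
    '[leaf]' 'basicConstraints = CA:FALSE' 'extendedKeyUsage = clientAuth' \
    > "$d/lab.cnf"
  # Self-signed root CA.
  openssl req -x509 -config "$d/lab.cnf" -extensions ca -newkey rsa:2048 -nodes \
    -days 30 -subj "/CN=Lab Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  # Issuing (intermediate) CA, signed by the root.
  openssl req -new -config "$d/lab.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Lab Issuing CA" -keyout "$d/sub.key" -out "$d/sub.csr" 2>/dev/null
  openssl x509 -req -in "$d/sub.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 30 -extfile "$d/lab.cnf" -extensions ca \
    -out "$d/sub.pem" 2>/dev/null
  # Client certificate, signed by the issuing CA.
  openssl req -new -config "$d/lab.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=lab-client" -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null
  openssl x509 -req -in "$d/client.csr" -CA "$d/sub.pem" -CAkey "$d/sub.key" \
    -CAcreateserial -days 30 -extfile "$d/lab.cnf" -extensions leaf \
    -out "$d/client.pem" 2>/dev/null
}

# Exit status 0 if certificate $1 chains up to the CA bundle $2 for client auth.
chain_ok() {
  openssl verify -purpose sslclient -CAfile "$2" "$1" >/dev/null 2>&1
}

demo() {
  local d; d=$(mktemp -d)
  make_lab_pki "$d"
  # Who issued the client certificate? That CA must be in the server's trust list.
  openssl x509 -in "$d/client.pem" -noout -subject -issuer
  if chain_ok "$d/client.pem" "$d/root.pem"; then echo "root only: accepted"
  else echo "root only: rejected (issuing CA missing from trust list)"; fi
  cat "$d/root.pem" "$d/sub.pem" > "$d/both.pem"
  if chain_ok "$d/client.pem" "$d/both.pem"; then echo "root + issuing CA: accepted"
  else echo "root + issuing CA: rejected"; fi
  rm -rf "$d"
}

demo
```

Running the same `openssl x509 -noout -subject -issuer` command on a real client certificate shows which CA certificates have to be present in the server's trust list.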
