08-11-2010 07:20 AM - edited 03-10-2019 05:19 PM
How do we add a trust authority on ACS 5? We also get an error when the client authenticate by eap-tls.
12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain this sound like the Trust Authority on client is not matchi with on ACS server , is that right?
Thanks,
11-05-2010 06:25 AM
Hi,
Seems to be that, or also you are not installed the CA in the ACS
CA Certificate
| ________ Server Certificate
|______________Client certificate
Ensure that the certificate authority that signed the client's certificate is correctly installed in the Certificate Authorities page (Users and Identity Stores: Certificate Authorities). Check the OpenSSLErrorMessage and OpenSSLErrorStack for more information. If CRL is configured, check the System Diagnostics for possible CRL downloading faults.
Un Saludo
11-05-2010 10:41 AM
You are correct, the ACS doesn't have the CA for the client certificate being presented. This can be added under Users and Identity Stores -> Certificate Authorties, If it is a multi-tiered CA you can add each certificate in the chain here.
--Jesse
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: