nhan.duong
Beginner

ACS 5 EAP-TLS

How do we add a trust authority on ACS 5? We also get an error when the client authenticates by EAP-TLS.

12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain

This sounds like the Trust Authority on the client is not matching the one on the ACS server, is that right?

Thanks,

2 REPLIES
jorge.novo
Beginner

Hi,

  Seems to be that, or also you have not installed the CA in the ACS.

CA Certificate

          | ________ Server Certificate

          |______________Client certificate

Ensure that the certificate authority that signed the client's certificate is correctly installed in the Certificate Authorities page (Users and Identity Stores: Certificate Authorities). Check the OpenSSLErrorMessage and OpenSSLErrorStack for more information. If CRL is configured, check the System Diagnostics for possible CRL downloading faults.

Regards

jedubois
Cisco Employee

You are correct, the ACS doesn't have the CA for the client certificate being presented. This can be added under Users and Identity Stores -> Certificate Authorities. If it is a multi-tiered CA, you can add each certificate in the chain here.

--Jesse
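
The trust-chain point made in the replies above can be reproduced offline with the OpenSSL command line. This is an added example, not part of the original posts and not ACS's own code; it assumes `openssl verify` as a stand-in for the server's trust store, a client that presents only its own certificate, and a constructed lab PKI whose names and files are all invented.

```shell
#!/bin/sh
# Constructed lab PKI (all names invented for this example):
#   root CA -> issuing CA -> client certificate; "other" is an unrelated CA.

build_lab_pki() {  # $1 = empty working directory
  d=$1
  cat > "$d/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
  new_key_csr() {  # $1 = file stem, $2 = subject CN
    openssl req -new -newkey rsa:2048 -nodes -config "$d/ca.cnf" -subj "/CN=$2" \
      -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null
  }
  # Two self-signed CAs: the real root and an unrelated one.
  for ca in root other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$d/ca.cnf" \
      -extensions v3_ca -subj "/CN=Lab $ca CA" \
      -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null
  done
  # Issuing CA signed by the root, client certificate signed by the issuing CA.
  new_key_csr issuing "Lab Issuing CA"
  openssl x509 -req -in "$d/issuing.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -set_serial 1 -days 30 -extfile "$d/ca.cnf" -extensions v3_ca \
    -out "$d/issuing.pem" 2>/dev/null
  new_key_csr client "lab-client"
  openssl x509 -req -in "$d/client.csr" -CA "$d/issuing.pem" -CAkey "$d/issuing.key" \
    -set_serial 2 -days 30 -out "$d/client.pem" 2>/dev/null
  cat "$d/root.pem" "$d/issuing.pem" > "$d/root_and_issuing.pem"
}

verdict() {  # $1 = trusted CA bundle, $2 = client certificate (leaf only)
  if openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'; then
    echo accepted
  else
    echo rejected
  fi
}

LAB=$(mktemp -d)
build_lab_pki "$LAB"
for store in other.pem root.pem root_and_issuing.pem; do
  printf '%-22s %s\n' "$store" "$(verdict "$LAB/$store" "$LAB/client.pem")"
done
```

To see which CA a real client certificate expects before importing anything, `openssl x509 -noout -subject -issuer -in client.pem` prints its subject and issuer names.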
