EAP-TLS Authentication failure happening in ACS for Wireless End User Authentication
05-03-2011 06:58 PM - edited 02-21-2020 10:26 AM
Hi All,
We have the Win 3.2 ACS set up in the production environment. We are migrating it to the 4.2 Appliance version. We have successfully migrated the database and other stuff from 3.2 to 4.2. In the same way, we have exported the certificates from 3.2 to 4.2 and installed them.
We have LEAP as well as EAP-TLS in the authentication part.
We were able to test successfully with LEAP. But when it comes to EAP-TLS, in the 4.2 version it's throwing the error.
5/3/2011 | 23:16:38 | Authen failed | nkarthikeyan@abc.com | EAP-TLS users | 0023.1413.de18 | (Default) | EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake | 21356 | 10.121.198.38 | 13 | EAP-TLS | ap-1242b4 | Bangalore APs |
We have used the same certificate, exported and installed in the 4.2 version. It's working in the existing 3.2 version, so why is it not working with the 4.2 version?
Could anyone help me out in this?
Regards
Karthik
Labels: Other NAC
05-03-2011 07:12 PM
Hi,
Looks like the CA Cert is not installed on the ACS.
The following link will help you install the CA cert.
Also trust the CA certificate in the Edit trust list.
Hope this helps.
Regards,
Anisha
P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.
05-03-2011 09:05 PM
Anisha,
Yes. But in the 4.2 Appliance version we cannot define the path, right? It will be stored internally in the appliance itself, right? So we have mentioned the name of the certificate file with the .cer extension.
Also, I have trusted the same certifier in the trust list.
Let me cross check once again.
05-03-2011 09:16 PM
Anisha,
Also in the certificate revocation list we have mapped the cert authority in use and defined the CRL distribution URL.
Does the CRL differ between the certificate on the end user laptop/desktop and the certificate in the ACS? That is what I am getting a bit confused with.
When we applied the CA certificate it showed it had been installed successfully. I don't know what's going wrong with that.
Regards
Karthik
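
An added example, not part of the original thread and not ACS tooling: a workstation check with the OpenSSL command line of whether a user certificate actually chains to the CA certificate that was installed and trusted, which is the validation that fails with "unknown CA certificate during SSL handshake". It goes slightly beyond the thread by also covering a CA file whose name matches the issuer but whose key differs. All CA names, file names and certificates are constructed lab data generated by the script.

```shell
#!/usr/bin/env bash
# Added example. All certificates below are throwaway lab data generated on the spot.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca <prefix> <CN>: self-signed root CA (stands in for the CA that issues user certs)
make_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# make_client <prefix> <CN> <ca-prefix>: user certificate signed by the given CA
make_client() {
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$3.pem" -CAkey "$WORK/$3.key" \
    -CAcreateserial -days 1 -out "$WORK/$1.pem" 2>/dev/null
}

# dn <issuer|subject> <cert.pem>: print the distinguished name in a stable format
dn() { openssl x509 -noout "-$1" -nameopt RFC2253 -in "$2" | sed 's/^[a-z]*= *//'; }

# check_trust <ca.pem> <cert.pem>: decision of a verifier that is given only <ca.pem>
check_trust() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo trusted; else echo untrusted; fi
}

make_ca issuing "Lab Issuing CA"   # CA that really signed the user certificate
make_ca other   "Some Other CA"    # unrelated CA: the wrong file was installed
make_ca reborn  "Lab Issuing CA"   # same name, new key pair: looks right, is not
make_client user "labuser" issuing

# Compare each candidate CA file against the issuer of the user certificate.
for ca in issuing other reborn; do
  printf '%-8s subject="%s" user-issuer="%s" -> %s\n' "$ca" \
    "$(dn subject "$WORK/$ca.pem")" "$(dn issuer "$WORK/user.pem")" \
    "$(check_trust "$WORK/$ca.pem" "$WORK/user.pem")"
done
```

Only the first CA file yields `trusted`; a matching issuer name alone is not enough, because the signature on the user certificate must verify under the installed CA's key.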
