
EAP-TLS Authentication failure happening in ACS for Wireless End User Authentication

nkarthikeyan
Level 7

Hi All,

We have the Win 3.2 ACS setup in the production environment. We are migrating it to the 4.2 Appliance version. We have successfully migrated the database and other stuff from 3.2 to 4.2. In the same way we have exported the certificates from 3.2 to 4.2 and installed them.

We have LEAP as well as EAP-TLS in the authentication part.

We were able to test successfully with LEAP. But when it comes to EAP-TLS, the 4.2 version is throwing the error.

5/3/2011 | 23:16:38 | Authen failed | nkarthikeyan@abc.com | EAP-TLS users | 0023.1413.de18 | (Default) | EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake | 21356 | 10.121.198.3813 | EAP-TLS | ap-1242b4 | Bangalore APs

We have used the same certificate, exported and installed in the 4.2 version. It is working in the existing 3.2 version, so why is it not working with the 4.2 version?

Could anyone help me out in this?

Regards

Karthik

3 Replies

andamani
Cisco Employee

Hi,

Looks like the CA Cert is not installed on the ACS.

The following link will help you install the CA cert.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/SCAuth.html#wp327056

Also trust the CA certificate in the Edit Trust List.

Hope this helps.

Regards,

Anisha

P.S.: please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.

Anisha,

Yes. But in the 4.2 Appliance version we cannot define the path, right? It will be stored internally in the appliance itself, right? So we have mentioned the name of the certificate file with the .cer extension.

Also I have trusted the same certifier in the trust list.

Let me cross-check once again.

Anisha,

Also, in the certificate revocation list we have mapped the cert authority in use and defined the CRL distribution URL.

Does the CRL differ between the certificate on the end-user laptop/desktop and the certificate in the ACS? That is what I am getting a bit confused about.

When we applied the CA certificate it showed that it has been installed successfully. I don't know what's going wrong with that.

Regards

Karthik
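
An offline way to test the condition named in the failed-attempt message, added here as an example and not part of the original thread: the script checks with OpenSSL whether a certificate presented in the handshake chains to a given CA certificate file, and prints the issuer that the verifying side has to trust. All file names and subject names are constructed for the demonstration; with real files, export the certificates to PEM first and pass them to `chain_ok` and `issuer_of`.

```shell
#!/bin/sh
# Added example: every file name and subject name below is constructed.

# Build a throwaway PKI in directory $1: two unrelated self-signed CAs and
# one leaf certificate signed by the first CA only.
make_demo_pki() {
    dir=$1
    for ca in issuing-ca other-ca; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -subj "/CN=Constructed $ca" \
            -keyout "$dir/$ca.key" -out "$dir/$ca.pem" 2>/dev/null || return 1
    done
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=constructed-user" \
        -keyout "$dir/leaf.key" -out "$dir/leaf.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/leaf.csr" -days 1 \
        -CA "$dir/issuing-ca.pem" -CAkey "$dir/issuing-ca.key" \
        -CAcreateserial -out "$dir/leaf.pem" 2>/dev/null
}

# Succeeds only if certificate $2 verifies against the CA file $1
# (OpenSSL also consults its default trust store, if one is configured).
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Prints the issuer of certificate $1: the CA the verifying side must trust.
issuer_of() {
    openssl x509 -noout -issuer -in "$1"
}

# Verify the same leaf against the CA that signed it and against an
# unrelated CA; the second case is the "unknown CA" situation.
demo() {
    tmp=$(mktemp -d) || return 1
    make_demo_pki "$tmp" || return 1
    issuer_of "$tmp/leaf.pem"
    for ca in issuing-ca other-ca; do
        if chain_ok "$tmp/$ca.pem" "$tmp/leaf.pem"; then
            echo "$ca: chain verifies"
        else
            echo "$ca: unknown CA"
        fi
    done
    rm -rf "$tmp"
}
demo
```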