
EAP-TLS Demo Certificates???

AndreasWeller
Level 1

To do EAP-TLS testing (without having to set up the certification authority server infrastructure), I need demo certificates (client and server). I have tested the Cisco certificates located at

http://www.cisco.com/warp/public/cc/pd/sqsw/sq/tech/tcert.zip.

Problem is, the certificate date is old and not valid.

Can anybody help me to find valid certificates?

6 Replies

pcomeaux
Cisco Employee

The ACS team has added the ability for the ACS server to generate self-signed certificates in 3.3 to help in scenarios like yours.

Is this the version of ACS you are using?

thanks

peter

Hi Peter,

Thanks for your help, but yesterday we have forced that my certificates are not the problem.

Peter,

I would like to go this route, but when I generate a self-signed certificate, I do not see the message in my certificate general section that states that I have a private key that corresponds with the certificate.

In short, I get the familiar 'EAP-TLS or PEAP authentication failed during SSL handshake' error.

I would rather get this working with the self-signed cert instead of the CA at this time.

Any tips you can provide are greatly appreciated!

Brian

Is there anything OK when you are working with certificates of a CA (MS)?

The client gets its certificate with the private key, the EKU field, etc. - basically, everything it should have. The server certificate, however, does not have the private key attached to it, which makes me suspect that it is the problem with my SSL handshake.

Yes, the missing key of the server certificate is the problem with the SSL handshake.

Try to get a server and client certificate from the Microsoft Certificate Service.

For how to get these certificates, try this link:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0ea.shtml

My problem is, the certificates are OK and run with an IAS-Radius Server and 802.1x Client, but not with the ACS-Radius Server (SSL handshake failure).
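
The two certificate problems raised in this thread (a demo certificate past its validity date, and a server certificate without its private key) can be checked before the files are loaded into the RADIUS server. The script below is an added example, not part of the original thread and not Cisco code; it assumes PEM-encoded files, an unencrypted private key, and the OpenSSL command-line tool, and the file names in the usage line are hypothetical.

```shell
#!/bin/sh
# Added example: pre-flight checks for an EAP-TLS server certificate.
# Assumptions: PEM files, unencrypted private key, OpenSSL CLI installed.

# Succeeds if the certificate is still unexpired N seconds from now
# (default 0 = now). Does not test the notBefore date.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Succeeds only if the private key file holds the key for this certificate,
# by comparing the public key derived from each.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Returns 0 if usable, 1 if expired or unreadable, 2 if the key is missing
# or does not match.
check_server_cert() {
    if ! cert_valid_for "$1" 0; then
        echo "FAIL: $1 is expired or unreadable"
        return 1
    fi
    if ! cert_matches_key "$1" "$2"; then
        echo "FAIL: $2 is missing or is not the private key for $1"
        return 2
    fi
    echo "OK: $1 is within its validity period and matches $2"
    openssl x509 -in "$1" -noout -subject -enddate
}

# Usage: sh check_cert.sh server.pem server.key   (hypothetical file names)
if [ "$#" -ge 2 ]; then
    check_server_cert "$1" "$2"
fi
```

A pass here only rules out these two causes; it does not check the EKU field or whether the peer trusts the issuer.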