Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1002
Views
0
Helpful
6
Replies

EAP-TLS Demo Certificates???

AndreasWeller
Level 1
Level 1

‎03-31-2005 02:00 AM - edited ‎03-10-2019 02:05 PM

To do EAP-TLS testing (without having to set up the certification authority server infrastructure ). I need Demo Certificates ( Client & Server ). I have tested the Cisco Certificates located at

http://www.cisco.com/warp/public/cc/pd/sqsw/sq/tech/tcert.zip.

Problem is, the certificate date is old and not valid.

Can anybody help me to find valid certificates?

Labels:
0 Helpful
6 Replies 6

pcomeaux
Cisco Employee
Cisco Employee

‎04-06-2005 04:52 AM

The ACS team has added the ability for the ACS server to generate self-signed certificates in 3.3 to help in scenarios like yours.

Is this the version of ACS you are using?

thanks

peter

0 Helpful

AndreasWeller
Level 1
Level 1
In response to pcomeaux

‎04-06-2005 05:34 AM

Hi Peter,

thanks for your help, but yesterday we have forced that my certificates are no the problem.

0 Helpful

depwanguy
Level 1
Level 1
In response to pcomeaux

‎04-06-2005 01:59 PM

Peter,

I would like to go this route, but when I generate a self-signed certificate, I do not see the message in my certificate general section that states that I have a private key that corresponds with the certificate.

In short, I get the familiar 'EAP-TLS or PEAP authentication failed during SSL handshake' error.

I would rather get this working with the self-signed cert instead of the CA at this time.

Any tips you can provide are greatly appreciated!

Brian

0 Helpful

AndreasWeller
Level 1
Level 1
In response to depwanguy

‎04-06-2005 10:15 PM

Is there anything ok, when you working with certifikates of an CA(MS) ?

0 Helpful

depwanguy
Level 1
Level 1
In response to AndreasWeller

‎04-07-2005 05:39 AM

The client gets its certificate with the private key, the EKU field, etc. - basically, everything it should have. The server certificate, however, does not have the private key attached to it, which makes me suspect that it is the problem with my SSL handshake.

0 Helpful

AndreasWeller
Level 1
Level 1
In response to depwanguy

‎04-07-2005 06:05 AM

Yes the missing key of the server certificate is the problem with the SSL handshake.

Try to get a server and client certificate from the Microsoft Certifikate Service.

How to get this certificates, try this link:

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_configuration_example09186a00801df0ea.shtml

my problem is, the certificates are ok and runs with a IAS-Radius Server and 802.1x Client, but not with the ACS-Radius Server (SSl Handshake failure)

0 Helpful
Customers Also Viewed These Support Documents