05-03-2011 07:36 PM - edited 03-10-2019 06:03 PM
Hi All ,
I am trying to test EAP_TLS authentication on acs 4.2.1.15 running on Appliance 1120 , I have installed my server certficate along with CA certficate on my appliance box , I have enabled features of EAP_TLS under golbal authentication setup .
I have downloaded client supplicant certficate file for my windows XP machine .
When i tried to authenticated i am finding following error message under failed attempts(EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake) on my acs appliance box .
Under certficate revocation list , I have forced my CA as CRL in use . Attached snap shot of all .
Suggest me whether i need to enable all corresponding CA certficate undercertficate trust list , Kindly let me know were i am doing wrong on this ..
05-04-2011 11:47 AM
Hello,
I am NO expert on certificates but I have seen your error dozens of times from wireless clients on my Cisco ACS 4.2 Radius server.
Through trial and error I wrote up this procedure for our Helpdesk for installing certs in Windows XP and Windows 7. These steps haven't failed me yet and the Helpdesk doesn't bother me as much anymore so see if this helps you:
- Manually install the Global CA under BOTH Trusted Root Certification Authorities\Certificates AND Intermediate Certification Authorities\Certificates
- Manually install the Intermediate CA under JUST the Intermediate Certification Authorities\Certificates
- Delete the wireless network from the computer
- REBOOT!!
- Open the Microsoft Management Console, “mmc”.
- Go FILE\Add Remove SnapIn. Select Certificates ..
- If promoted, do it for “My User Account”.
- Make sure the certificates are where you put them.
- If you see any of these exact certificates out of place in either Trusted Root Certification Authorities\Certificates or Intermediate Certification Authorities\Certificates, remove them.
- Redo wireless network setup again
I hope this helps you.
Mike
05-05-2011 09:33 PM
Hi Mike ,
Thanx for your postings , Some of root certficate wass missing on my appliance , I have installed on root certficate issued by CA authority on my acs appliance , Problem has been fixed after installing all miising root certficate .
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide