
EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake

sansarav720e
Level 1

Hi All,

I am trying to test EAP-TLS authentication on ACS 4.2.1.15 running on Appliance 1120. I have installed my server certificate along with the CA certificate on my appliance box, and I have enabled the EAP-TLS features under global authentication setup.

I have downloaded the client supplicant certificate file for my Windows XP machine.

When I tried to authenticate, I found the following error message under failed attempts on my ACS appliance box: "EAP-TLS or PEAP authentication failed due to unknown CA certificate during SSL handshake".

Under certificate revocation list, I have forced my CA as CRL in use. Attached is a snapshot of all.

Please suggest whether I need to enable all the corresponding CA certificates under the certificate trust list. Kindly let me know where I am going wrong on this.

HTH Regards Santhosh Saravanan

mwhitlow
Level 1

Hello,

I am NO expert on certificates but I have seen your error dozens of times from wireless clients on my Cisco ACS 4.2 Radius server.

Through trial and error I wrote up this procedure for our Helpdesk for installing certs in Windows XP and Windows 7. These steps haven't failed me yet and the Helpdesk doesn't bother me as much anymore so see if this helps you:

- Manually install the Global CA under BOTH Trusted Root Certification Authorities\Certificates AND Intermediate Certification Authorities\Certificates

- Manually install the Intermediate CA under JUST the Intermediate Certification Authorities\Certificates

- Delete the wireless network from the computer

- REBOOT!!

- Open the Microsoft Management Console, “mmc”.

- Go FILE\Add Remove SnapIn. Select Certificates ..

- If prompted, do it for “My User Account”.

- Make sure the certificates are where you put them.

- If you see any of these exact certificates out of place in either Trusted Root Certification Authorities\Certificates or Intermediate Certification Authorities\Certificates, remove them.

- Redo wireless network setup again

I hope this helps you.

Mike
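
The "make sure the certificates are where you put them" step in the procedure above can also be checked from PowerShell; the following is an added example, not part of the original post. It assumes PowerShell is available on the client, the function name `Test-CaPlacement` and the `.cer` file paths are hypothetical, and `Root` and `CA` are the store names for Trusted Root Certification Authorities and Intermediate Certification Authorities under "My User Account".

```powershell
# Added example: compare where a CA certificate actually sits in the current
# user's stores with where the procedure above says it should sit.
function Test-CaPlacement {
    param(
        [string]$CertFile,          # exported CA certificate (.cer), hypothetical path
        [string[]]$ExpectedStores   # stores it should be in: 'Root', 'CA', or both
    )
    # Resolve to a full path first: .NET does not follow PowerShell's current location.
    $path = (Resolve-Path $CertFile).Path
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $path

    foreach ($store in 'Root', 'CA') {
        # Match on thumbprint so that only this exact certificate is counted.
        $hits = @(Get-ChildItem "Cert:\CurrentUser\$store" |
                  Where-Object { $_.Thumbprint -eq $cert.Thumbprint })
        $found    = $hits.Count -gt 0
        $expected = $ExpectedStores -contains $store

        if ($found -and $expected)  { $status = 'OK' }
        elseif ($found)             { $status = 'OUT OF PLACE - remove' }
        elseif ($expected)          { $status = 'MISSING - install' }
        else                        { $status = 'OK (absent)' }

        New-Object PSObject -Property @{
            Subject    = $cert.Subject
            Thumbprint = $cert.Thumbprint
            Store      = $store
            Status     = $status
        }
    }
}

# Expected placement taken from the steps above (file paths are placeholders):
#   Global CA       -> Trusted Root AND Intermediate
#   Intermediate CA -> Intermediate only
$report  = @(Test-CaPlacement 'C:\certs\global-ca.cer'       @('Root', 'CA'))
$report += @(Test-CaPlacement 'C:\certs\intermediate-ca.cer' @('CA'))
$report | Format-Table Subject, Store, Status -AutoSize
```

Any row that is not `OK` or `OK (absent)` corresponds to the install or remove steps in the list above.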

Hi Mike,

Thanks for your post. Some of the root certificates were missing on my appliance. I have installed the root certificates issued by the CA authority on my ACS appliance, and the problem was fixed after installing all the missing root certificates.

HTH Regards Santhosh Saravanan