Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2473
Views
5
Helpful
1
Replies

Problems with Trusted CA (Certificate Authority) Certificate on CSACS 1121 5.2

anamaria.fuentes
Level 1
Level 1

‎12-15-2010 07:10 AM - edited ‎03-09-2019 11:19 PM

HI,

I NEED TO KNOW WHAT FILE SHOULD I DOWNLOAD FROM CA SERVER FOR INSTALL IN ACS OR WHAT IS THE PROCEDURE SHOULD I DO TO GET TRUSTED CA (CERTIFICATE AUTHORITY) CERTIFICATE  BECAUSE WHEN I TEST AUTHENTICATION APPEARS THE FOLLOWING MESSAGE:

EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain
Resolution Steps
Ensure  that the certificate authority that signed the client's certificate is  correctly installed in the Certificate Authorities page (Users and  Identity Stores: Certificate Authorities). Check the OpenSSLErrorMessage  and OpenSSLErrorStack for more information. If CRL is configured, check  the System Diagnostics for possible CRL downloading faults.

THANKS FOR YOUR HELP

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Tiago Antunes
Cisco Employee
Cisco Employee

‎12-15-2010 07:52 AM

Hi,

As the error message says, the CA cert needs t obe installed in "Users and  Identity Stores: Certificate Authorities".

Please make sure you enable the usage for TLS.

Also, if there are intermediate CAs, you need to install the certs of all the CAs, so that the ACS can trust it.

HTH,
Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.

Customers Also Viewed These Support Documents