cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2473
Views
5
Helpful
1
Replies

Problems with Trusted CA (Certificate Authority) Certificate on CSACS 1121 5.2

HI,

I NEED TO KNOW WHAT FILE SHOULD I DOWNLOAD FROM CA SERVER FOR INSTALL IN ACS OR WHAT IS THE PROCEDURE SHOULD I DO TO GET TRUSTED CA (CERTIFICATE AUTHORITY) CERTIFICATE  BECAUSE WHEN I TEST AUTHENTICATION APPEARS THE FOLLOWING MESSAGE:

EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain
Resolution Steps
Ensure  that the certificate authority that signed the client's certificate is  correctly installed in the Certificate Authorities page (Users and  Identity Stores: Certificate Authorities). Check the OpenSSLErrorMessage  and OpenSSLErrorStack for more information. If CRL is configured, check  the System Diagnostics for possible CRL downloading faults.

THANKS FOR YOUR HELP

1 Reply 1

Tiago Antunes
Cisco Employee
Cisco Employee

Hi,

As the error message says, the CA cert needs t obe installed in "Users and  Identity Stores: Certificate Authorities".

Please make sure you enable the usage for TLS.

Also, if there are intermediate CAs, you need to install the certs of all the CAs, so that the ACS can trust it.

HTH,
Tiago

--

If  this helps you and/or answers your question please mark the question as  "answered" and/or rate it, so other users can easily find it.