Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1495
Views
0
Helpful
1
Replies

ACS 5.3 EAP-TLS configuration issue

vduprez
Level 1
Level 1

‎07-31-2012 08:12 AM - edited ‎03-10-2019 07:21 PM

Dear all,

We are trying to configure EAP-TLS for 802.1x user authentication (still working with ACS 4.1 ) with Version : 5.3.0.40.5 ...

I reached the point where i receiveed the following error:

"EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain"

So I have 2 questions:

- is there a guideline somewhere as i should have forgotten something ?

- Is there a way to check the certificates chain or to have more logs somewhere in the ACS ?

regards,

vincent.

Labels:
0 Helpful
1 Reply 1

Tarik Admani
VIP Alumni
VIP Alumni

‎07-31-2012 10:06 AM

You will have to import the root and intermediate certificates that are presented from the clients end over to ACS.

Here is a documentation on how to do this - http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/users_id_stores.html#wp1158666

Make sure the Trust for Client with EAP-TLS is checked.

thanks,

Tarik Admani
*Please rate helpful posts*

0 Helpful
Customers Also Viewed These Support Documents