04-03-2008 12:45 AM - edited 03-10-2019 03:45 PM
I get an error when I want to authenticate a user who is using a smart card to log into a Win 2003 VPN server which uses Cisco Secure ACS 4.0 as the AAA server.
When I use a password there is no problem, but when using a smart card I see this error! In the CSAuth.Log file this error message is shown: "bad record mac". Could anyone please help me with this error message?
04-03-2008 05:41 AM
Hi,
"EAP-TLS or PEAP authentication failed during SSL handshake"
1. Certificate corruption, so you can try to reinstall the certificates.
2. No root CA certificate installed on the client and "Validate Server Certificate" is enabled on the client.
Make sure you have certs installed properly.
Regards,
~JG
04-04-2008 08:59 PM
Hi,
Thanks for your help. I re-installed the root certificate on the ACS machine and the client and unchecked server certificate validation in the client-side connection options, but the problem is still not solved.
I think that the certificate on the smart card might have some wrong properties. Here I have listed the key properties of the certificate on my smart card. Do you see anything wrong here?
Enhanced Key Usage= Client Authentication, Smart Card Logon
Key Usage= Digital Signature, Non-Repudiation, Key Encipherment, Data Encipherment
A yellow exclamation mark is shown on the key usage icon, which means the key usage field is critical.
Thanks