Introduction
This document describes how to generate a self-signed certificate to secure wireless access using Wireless LAN Controllers and Cisco Secure Access Control Server (ACS) 5.1 via Protected Extensible Authentication Protocol (PEAP) with Microsoft Challenge Handshake Authentication Protocol (MS-CHAP) version 2.
Generate a self-signed certificate on ACS 5.1
Go to System Administrator --> Configuration --> Local Server Certificates --> Local Certificates. Click Add in order to create a new self-signed certificate.
In Step 1, under Server Certificate Creation Method, select "Generate Self Signed certificate". With this option, ACS generates a self-signed certificate. Click Next.
In Step 2, enter the following information:
- Certificate subject
- Key length
- Expiration TTL
Under the Protocol section, check the box for "EAP: Used for EAP Protocols that use SSL/TLS Tunneling".
Click Finish. The new self-signed certificate is now available under Local Certificates.
In order to enable PEAP authentication, go to Access Policies --> Access Services --> Default Network Access, edit Default Network Access, and check "Allow PEAP" under Authentication Protocols. Also check "Allow EAP-MS-CHAPv2".
Click Submit in order to save the changes.
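The values entered in Step 2 (certificate subject, key length, expiration) can be checked on a copy of the certificate with OpenSSL. This is an added example, not part of the original document or of Cisco's tooling. It assumes the certificate is available as a PEM file; a constructed sample certificate (CN acs.example.test, 2048-bit key, 365 days) stands in for it here, and the 2048-bit and 30-day thresholds are illustrative.

```shell
#!/bin/sh
# Added example: audit a PEM copy of the EAP server certificate.

# make_sample_cert DIR -> writes DIR/acs.pem, a constructed stand-in for the
# real certificate (CN, key size and lifetime are sample values).
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
    -subj "/CN=acs.example.test" \
    -keyout "$1/acs.key" -out "$1/acs.pem" 2>/dev/null
}

# cert_field FILE subject|issuer -> distinguished name in RFC 2253 form
cert_field() {
  openssl x509 -in "$1" -noout "-$2" -nameopt RFC2253 | sed "s/^$2= *//"
}

# cert_bits FILE -> public key size in bits
cert_bits() {
  openssl x509 -in "$1" -noout -text |
    sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# check_cert FILE MIN_BITS MIN_DAYS -> returns 0 if all checks pass, 1 otherwise
check_cert() {
  cc_rc=0
  cc_subject=$(cert_field "$1" subject)
  cc_bits=$(cert_bits "$1")
  echo "subject: $cc_subject  key: $cc_bits bits"
  # Issuer equal to subject means the certificate is self-signed.
  if [ "$cc_subject" = "$(cert_field "$1" issuer)" ]; then
    echo "NOTE: self-signed (issuer equals subject)"
  fi
  if [ "${cc_bits:-0}" -lt "$2" ]; then
    echo "FAIL: key shorter than $2 bits"; cc_rc=1
  fi
  # -checkend exits non-zero if the certificate expires within N seconds.
  if ! openssl x509 -in "$1" -noout -checkend $(( $3 * 86400 )) >/dev/null; then
    echo "FAIL: expires within $3 days"; cc_rc=1
  fi
  return $cc_rc
}

# Demo on the constructed certificate: require 2048 bits and 30 days of validity.
demo_dir=$(mktemp -d)
make_sample_cert "$demo_dir" && check_cert "$demo_dir/acs.pem" 2048 30
```

Because the certificate is self-signed, wireless clients that validate the server certificate during PEAP need this certificate itself in their trust store.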
For information on certificate installation using a third-party certificate authority, see the reference below.
Reference Link
PEAP under Unified Wireless Networks with ACS 5.1 and Windows 2003 Server