cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1332
Views
0
Helpful
1
Replies

7925G EAP-TLS problem

el-bachir
Level 1
Level 1

Hi,

I'm trying to use EAP-TLS with my 7925G IP Phone.

The RADIUS is an ACS 4.1 server and the CA is an Windows AD 2003 server.

Through the 7925G web page, i generate a Certificate Signing Request (CSR) that i sent to my Certificate Authority to sign. On this CSR i've changed the Common Name to Cisco-7925 (which matches the user name created in the ACS server), but the certificate generated by my CA contains 2 Common Names, one is "Users" and the second one is "Cisco-7925".

So as i try to authenticate my IP Phone with the "Cisco-7925" username, i get a deny because the ACS tries to search int its database for a "Users" username.

How can i remove the Common Name "Users" from the certificate ?

By the way, i followed the same procedure for 7921G IP Phone and it works, so i don't understand why i have this "Users" Common Name.

Thanks in advance for your help.

Kind regards,

El bachir.

1 Reply 1

Roger Nobel
Cisco Employee
Cisco Employee

Hi El bachir

Do you have CSR request you have created to anylze with OpenSSL to verify if there are already to two CN in the request?

Thanks

Roger

Review Cisco Networking for a $25 gift card