
ACS 5.3 / Self Signed / Certificate base auth

Hello,

Our ACS (5.3) has a self-signed certificate; we have exported it and declared it in Certificate Authorities.

We have exported it to have a Trusted Certificate for client machine.

This certificate has been installed on a laptop.

The WLC is successfully set up for EAP (PEAP & EAP-FAST have been tested > OK)

I have this error in the log:

12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in  the client certificates chain

I think the Access Policies (identity & authorization) are misconfigured:

> I allowed Host Lookup, PAP/ASCII, MSCHAPV2, EAP-MD5, EAP-TLS, PEAP, EAP-FAST

> Identity: System:EAPauthentication match EAP-TLS

id Source: AD in which AD, Internal Users, Password based, certificate based CN Username are enabled

> authorization: System:WasMachineAuthenticated=True

Thanks for your help,

regards,

1 Reply

Hello,

I found the answer here:

https://supportforums.cisco.com/message/1298039#1298039

ACS self-signed certificate is not compatible with EAP-TLS

Thanks,
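The log line in the question reports that the issuer of the client's certificate was not found in the server's trust list. An offline reproduction of that chain check with the openssl CLI follows, added here as an example; it is not from the original posts and is not ACS's own logic. The subject names, file names and the separate "Lab Client CA" are constructed assumptions.

```shell
#!/bin/sh
# Constructed lab: every name, subject and file below is made up for illustration.
# Requires the openssl CLI. Nothing here contacts an ACS server or a WLC.

# make_lab DIR creates:
#   server.pem  self-signed certificate standing in for the RADIUS server's own cert
#   ca.pem      a separate CA that issues client certificates (assumption)
#   client.pem  a client certificate signed by ca.pem
make_lab() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=acs.example.test" \
        -keyout "$d/server.key" -out "$d/server.pem" 2>/dev/null &&
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Lab Client CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=laptop01" \
        -keyout "$d/client.key" -out "$d/client.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/client.pem" 2>/dev/null
}

# chain_ok TRUST_STORE CERT
# Succeeds only if CERT chains to a certificate in TRUST_STORE. This is the
# check a TLS server applies to the certificate a client presents in EAP-TLS.
chain_ok() {
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

lab=$(mktemp -d) && make_lab "$lab" || { echo "lab setup failed" >&2; exit 1; }

# Trust store A: only the server's own self-signed certificate is trusted.
# The client certificate's issuer is not in the store, so the chain fails.
if chain_ok "$lab/server.pem" "$lab/client.pem"; then
    echo "store A (server self-signed cert only): client cert accepted"
else
    echo "store A (server self-signed cert only): client cert rejected, issuer unknown"
fi

# Trust store B: the CA that issued the client certificate is trusted.
if chain_ok "$lab/ca.pem" "$lab/client.pem"; then
    echo "store B (issuing CA): client cert accepted"
else
    echo "store B (issuing CA): client cert rejected"
fi
```

To see the underlying verification error text, run `openssl verify -CAfile server.pem client.pem` in the lab directory without the output redirection.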
