I've installed ACS SE 4.1 for PEAP authentication with Microsoft AD, but it failed with the following message in the ACS: "EAP-TLS or PEAP authentication failed during SSL handshake"
The client is not using any certs.
Thanks in advance.
The reason you are getting this is either the certificate is not installed correctly on the ACS or you have "validate server certificate" enabled on the client side, preventing the certificate from being used. Try unchecking that on the client side.
The client side is unchecked for the certificate, and I've reinstalled the cert on the ACS server, but I'm still getting the same error message.
Any other clue?
What type of cert are you using? Also verify that it is installed in the computer account personal certificate store. It is definitely a certificate issue.
If you are using MS CA then take a look at this doc:
Instead of using Web Server, I choose User.
There is an option of not using certs for PEAP, right? I do not want to use the cert for the authentication, but the cert is installed (generated) in the ACS. The client side is disabled for getting the certs from the ACS.
Hope this will clear your doubt.
PEAP, like any EAP type, needs a certificate installed. I have tried to generate a certificate from ACS, but never got that to work. I got the same SSL error you got. Users have to obtain that cert from the ACS in order to continue with the authentication process.
The easiest thing to do is to obtain a cert for the ACS SE from an online CA. The one I always recommend is www.rapidssl.com as they are reasonably cheap and the whole order process takes about half an hour to work through. If you generate the CSR on the ACS, obtain your cert and install it, you can leave the check boxes checked on your clients as the Rapidssl root cert is built into Windows/IE.
The only thing to be careful of is that before you generate the CSR, remove the existing self-signed cert from the ACS SE. Failure to do so can sometimes lead to problems.