Buy or Renew
Buy or Renew
NEW: Try the Beta AI Summary feature on posts in the Routing and SD-WAN forum. Click to go to the forum.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1329
Views
0
Helpful
2
Replies

Certificado ACS

Go to solution
jmanzur1683
Visitor

‎02-16-2011 07:18 AM - edited ‎07-03-2021 07:49 PM

La pregunta es: Por que en el ACS para autenticar por medio de PEAP MS-CHAPv2, tengo que intalar un CA de microsoft?

No puedo autenticar con el certificado generado propiamente por el ACS?

Saludos y gracias.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Nicolas Darchis
Cisco Employee
Cisco Employee

‎02-17-2011 08:51 AM

Hi Jorge,

I used google translate to understand your question but I won't use it to translate my answer as it will probably be not so understandable. I hope you can read me.

With PEAP-mschapv2, the clients have to trust the ACS certificate. So either you give ACS a valid certificate or you give the ACS certificate for the clients to add as "trusted".

Installing a valid certificate means buying one from the internet OR creating one with your Microsoft CA but you need to add your Microsoft CA to all your clients as "trusted".

The alternative is to de-select on all clients the feature "validate server certificate" and clients will stop trying to verify the ACS certificate.

I hope this clarifies.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Nicolas Darchis
Cisco Employee
Cisco Employee

‎02-17-2011 08:51 AM

Hi Jorge,

I used google translate to understand your question but I won't use it to translate my answer as it will probably be not so understandable. I hope you can read me.

With PEAP-mschapv2, the clients have to trust the ACS certificate. So either you give ACS a valid certificate or you give the ACS certificate for the clients to add as "trusted".

Installing a valid certificate means buying one from the internet OR creating one with your Microsoft CA but you need to add your Microsoft CA to all your clients as "trusted".

The alternative is to de-select on all clients the feature "validate server certificate" and clients will stop trying to verify the ACS certificate.

I hope this clarifies.

0 Helpful

Go to solution
josuvarg
Level 2
Level 2
In response to Nicolas Darchis

‎03-31-2011 04:40 PM

Esto depende de la configuration del cliente. Si el cliente tiene habilidata la opcion de validar el certificado del cliente, basicamente vamos a necesitar comprar un certificado de un CA o de Microsoft. Si esta opcion esta desabilidata en el cliente (en la configuracion de seguridad del SSID) no habra problemas en utilizar solamente el cert del ACS

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card