12-28-2018 07:46 AM - edited 07-05-2021 09:38 AM
Hi All,
Currently we have implemented WLC & AP in our network, and as per the client's requirement their laptops should connect to the AP through EAP-TLS certificate authentication. But the point is that the client laptops are not in our domain and we cannot take them into our domain.
So my request is to please suggest if we can implement this in such a case for client laptops.
If yes, then please let me know which certificates need to be installed on the client laptops and which on ACS for wireless communications.
12-31-2018 03:24 AM
Hello,
The BYOD option is there in ISE, where the user has to connect to the dot1x SSID by entering their domain credentials, which will keep the endpoint in a limited-access ACL to enroll a certificate (internal or external CA server) by registering the device in the BYOD portal, and you can achieve EAP-TLS on the client laptop.
ISE can be integrated with a CA server for external certificate enrollment, or else ISE has the option of providing an internal CA certificate.
I am not sure whether this option is available in ACS or not.
Thanks,
Aravind.
01-01-2019 09:36 AM
Hi Aravind,
Thanks for your suggestion.
For the BYOD option, I will check, but I need to know whether we can implement it without this option.
I also want to know which certificates need to be implemented on the endpoint devices (client laptops) and ACS.
01-01-2019 10:22 PM
Try importing the certificate under Certificate (Local Computer) -> Personal -> Computers on the client laptop.
Also add the root certificate and its intermediate certificate in the ACS under trusted certificates.
02-07-2019 07:06 AM
Hi Aravind,
We have tried the below steps; however, we are getting the below error.
12520 EAP-TLS failed SSL/TLS handshake because the client rejected the ACS local-certificate
Please suggest.
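Added example, not part of any post in this thread: error 12520 above says the supplicant refused the ACS server certificate, which commonly happens when the root and intermediate CA that issued it are not in the laptop's trust store. The script below reproduces that trust decision with `openssl verify` on a throwaway PKI; every file name, subject name and helper function in it is constructed for illustration.

```shell
#!/bin/sh
# Added example: the trust check a supplicant applies to the RADIUS (ACS)
# server certificate during EAP-TLS. All certificates here are constructed.

# Build a throwaway PKI in directory $1:
#   root.pem   - CA that signs the server certificate
#   other.pem  - unrelated CA (stands in for a client missing the right root)
#   server.pem - server certificate with the serverAuth extended key usage
make_demo_pki() {
  d=$1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated CA" \
    -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=acs.example.test" \
    -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null
  printf 'extendedKeyUsage=serverAuth\n' > "$d/ext.cnf"
  openssl x509 -req -in "$d/server.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -extfile "$d/ext.cnf" -out "$d/server.pem" 2>/dev/null
}

# Return 0 only if server certificate $1 chains to a CA in bundle $2
# and is acceptable for TLS server use.
check_server_cert() {
  openssl verify -purpose sslserver -CAfile "$2" "$1" >/dev/null 2>&1
}

# Demo run on the constructed PKI.
demo_dir=$(mktemp -d) && make_demo_pki "$demo_dir"
if check_server_cert "$demo_dir/server.pem" "$demo_dir/root.pem"; then
  echo "issuing root trusted: client accepts the server certificate"
fi
if ! check_server_cert "$demo_dir/server.pem" "$demo_dir/other.pem"; then
  echo "issuing root not trusted: client rejects the server certificate"
fi
rm -rf "$demo_dir"
```

To run the same check against a real deployment, export the server's EAP certificate and the CA bundle installed on the laptop to PEM files and pass them to `check_server_cert`.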