
Certificate Signing Request for ACS 5.3

adilacikgoz75
Level 1

In order to authenticate wireless users with EAP-TLS or PEAP-MSCHAPv2, what should I select for the key length and the digest to sign with? Should the 2048 and SHA256 combination work?


Accepted Solutions

My devices have to trust the root CA... the radius only cares about a valid certificate for it to use.

Thanks,

Scott

Help out others by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***


Scott Fella
Hall of Fame

I've only used Key Length=2048, Digest=SHA1, but you can always give that a try. It should work with Windows 7. I know that with XP you needed SP3 to use SHA256.

Thanks,

Scott


Scott,

Thanks for the reply. Do I need to install the Intermediate CA certs along with the Root CA into "Certificate Authorities" in ACS 5.3?

You just need to bind the certificate when you get it.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/admin_config.html#wp1070939

Sent from Cisco Technical Support iPhone App

-Scott

How about the Root CA and any Intermediate CAs in the certification path? Don't I need to import these into the Certificate Authorities as well?

In ACS 4.2 you had to; I don't recall on ACS 5.x. Your services need to have that though. I would have to look at my lab ACS. It won't hurt trying it first to see if it works or not.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/eap_pap_phase.html#wp1052021


-Scott

All I have in my lab ACS is a Windows certificate from my domain CA, 2048 SHA1.

Thanks,

Scott


You didn't have to install your Root CA cert in Certificate Authorities and it authenticates wireless users using EAP-TLS authentication?

My devices have to trust the root CA... the radius only cares about a valid certificate for it to use.

Thanks,

Scott


Thank you. Makes sense.
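
An offline check of the two points discussed in this thread, added here as an example (it is not from the posters or from Cisco): which key length and digest a CSR actually carries, and whether the issued certificate chains to the root the clients trust. It uses the `openssl` CLI; the CSR is generated with `openssl` as a stand-in for the one ACS produces, and every subject name, file name and both root CAs are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example. Every name, subject and file here is constructed for the demo.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# Self-signed stand-in for a root CA; $1 is a file prefix, $2 the CN.
make_root() {
  openssl req -x509 -newkey rsa:2048 -sha256 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# CSR with the combination asked about: 2048-bit RSA key, SHA-256 digest.
make_csr() {
  openssl req -new -newkey rsa:2048 -sha256 -nodes -subj "/CN=radius.example.test" \
    -keyout "$WORK/srv.key" -out "$WORK/srv.csr" 2>/dev/null
}

# Print "<key bits> <signature algorithm>" as recorded inside a CSR file.
csr_params() {
  openssl req -in "$1" -noout -text | awk '
    /Public-Key:/          { gsub(/[^0-9]/, ""); bits = $0 }
    /Signature Algorithm:/ { alg = $3 }
    END                    { print bits, alg }'
}

# Issue the server certificate from the CSR, signed by root "$1".
sign_csr() {
  openssl x509 -req -in "$WORK/srv.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -sha256 -days 30 -out "$WORK/srv.pem" 2>/dev/null
}

# Succeeds only if the server certificate chains to the root in file "$1".
chain_ok() { openssl verify -CAfile "$1" "$WORK/srv.pem" >/dev/null 2>&1; }

run_demo() {
  make_root issuing "Example Issuing Root"
  make_root other "Example Unrelated Root"
  make_csr
  sign_csr issuing
  local trusted=no untrusted=no
  if chain_ok "$WORK/issuing.pem"; then trusted=yes; fi
  if chain_ok "$WORK/other.pem"; then untrusted=yes; fi
  echo "$(csr_params "$WORK/srv.csr") issuing-root=$trusted other-root=$untrusted"
}

run_demo
```

On a real deployment only `csr_params` and the `openssl verify` step are needed, pointed at the exported CSR, the issued certificate and the root the wireless clients trust.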
