cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
661
Views
0
Helpful
9
Replies

Certificate Signing Request for ACS 5.3

adilacikgoz75
Beginner
Beginner

In order to authenticate wireless users with EAP-TLS or PEAP-MSCHAPv2, what should I select the key length and digest to sign with? 2048 and SHA256 combination should work?

1 Accepted Solution

Accepted Solutions

My devices have to trust the root CA... the radius only cares about a valid certificate for it to use.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

View solution in original post

9 Replies 9

Scott Fella
Hall of Fame Guru Hall of Fame Guru
Hall of Fame Guru

I've only used Key Length=2048, Digest=SHA1, but you can always give that a try. It should work with Windows 7 .  I know that with XP you needed SP3 to use SHA256.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Scott,

Thanks for the reply. Do I need to install the Intermediate CA certs along with the Root CA into "Certificate Authorities" in ACS 5.3?

You just need to bind the certificate when you get it.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/admin_config.html#wp1070939

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

How about the Root CA and any Intermediate CAs in the certification path? Don't I need to import these into the Certificate Authorities as well?

I'm ACS 4.2 you had to, I don't recall on ACS 5.x. You services need to have that though. I would have to look at my lab ACS. It won't hurt trying it first to see if it works or not.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.3/user/guide/eap_pap_phase.html#wp1052021

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***

All Ihave in my lab ACS is a windows certificate from my domain CA 2048 SHA1.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

You didn't have to install your Root CA cert in Certificate Authorities and it authenticates wireless users using EAP-TLS authentication?

My devices have to trust the root CA... the radius only cares about a valid certificate for it to use.

Thanks,

Scott

Help out other by using the rating system and marking answered questions as "Answered"

-Scott
*** Please rate helpful posts ***

Thank you. Makes sense.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers