10-10-2014 03:08 PM - edited 07-05-2021 01:42 AM
Can anyone provide me a link or document for EAP-TLS with ACS 5.2?
10-10-2014 05:45 PM
http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-2/user/guide/acsuserguide/eap_pap_phase.html#wp1029228
10-11-2014 07:57 AM
Initial Self-Signed Certificate Generation
An automatically generated, self-signed certificate is placed in the Local Certificate store for each ACS server. This certificate is used to identify ACS for TLS-related EAP protocols and for HTTPS Management protocols.
Hi Salodh,
So this means a CA is not mandatory for EAP-TLS?
10-13-2014 04:41 AM
EAP-TLS authentication involves two elements of trust:
• The EAP-TLS negotiation establishes end-user trust by validating, through RSA signature verifications, that the user possesses a keypair that a certificate signs.
This process verifies that the end user is the legitimate keyholder for a given digital certificate and the corresponding user identification in the certificate. However, trusting that a user possesses a certificate only provides a username-keypair binding.
• Using a third-party signature, usually from a CA, that verifies the information in a certificate. This third-party binding is similar to the real-world equivalent of the stamp on a passport.
You trust the passport because you trust the preparation and identity-checking that the particular country's passport office made when creating that passport. You trust digital certificates by installing the root certificate CA signature.
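The two trust elements described in the post above, checked separately with the openssl command line. This is an added example, not part of the original thread or of Cisco's documentation; the subject names, file names and the throwaway CA are all constructed for the demonstration.

```shell
#!/bin/sh
# Added example; every name, subject and file here is constructed for the demo.
WORK=$(mktemp -d)

# Throwaway PKI: a root CA, a user cert issued by it, and a self-signed
# user cert that carries the same subject name but no CA signature.
make_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
  openssl req -newkey rsa:2048 -nodes -subj "/CN=alice" \
    -keyout "$WORK/issued.key" -out "$WORK/issued.csr" 2>/dev/null
  openssl x509 -req -in "$WORK/issued.csr" -CA "$WORK/ca.pem" \
    -CAkey "$WORK/ca.key" -CAcreateserial -days 1 \
    -out "$WORK/issued.pem" 2>/dev/null
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=alice" \
    -keyout "$WORK/selfsigned.key" -out "$WORK/selfsigned.pem" 2>/dev/null
}

# Trust element 1: the peer signs a fresh challenge with its private key and
# the signature is verified with the public key taken from the certificate.
proves_possession() {  # $1 = certificate, $2 = private key held by the peer
  openssl rand 32 > "$WORK/challenge.bin"
  openssl dgst -sha256 -sign "$2" -out "$WORK/challenge.sig" "$WORK/challenge.bin"
  openssl x509 -in "$1" -pubkey -noout > "$WORK/pub.pem"
  openssl dgst -sha256 -verify "$WORK/pub.pem" \
    -signature "$WORK/challenge.sig" "$WORK/challenge.bin" >/dev/null 2>&1
}

# Trust element 2: the certificate chains to a root installed as trusted.
chains_to_trusted_ca() {  # $1 = certificate
  openssl verify -CAfile "$WORK/ca.pem" "$1" >/dev/null 2>&1
}

make_pki
for who in issued selfsigned; do
  proves_possession "$WORK/$who.pem" "$WORK/$who.key" && p=yes || p=no
  chains_to_trusted_ca "$WORK/$who.pem" && c=yes || c=no
  echo "$who: possession=$p chains_to_trusted_ca=$c"
done
```

Both certificates pass the possession check, but only the CA-issued one chains to the trusted root, which is the username-keypair binding versus third-party binding distinction the post draws.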