07-08-2013 09:53 AM - edited 07-04-2021 12:22 AM
We are using a third-party certification authority (Entrust) and the certificates generated by the CA are SHA256 certificates. I see ACS does not currently support the SHA 256 certs, but TAC says software versions 7.3x and above on the WLC do support the certs. The certificates also have the Extended Key Usage (EKU) marked as critical. I am using software version 7.4.0.100 on the WLC without success; however, SHA1 certificates work fine. Anyone currently using SHA256 certificates with Local-EAP?
07-08-2013 10:04 AM
I didn't think SHA256 was supported. I would ask for the doc that specifies the WLC can use SHA256 and custom EKUs, which I also don't think is supported.
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"
07-09-2013 01:15 AM
You have the issue with installing the SHA256 cert? Or it is installed successfully but it does not work?
Or you are not able to install it?
I remember with earlier codes (7.0) those could not be installed and you can see the message indicating that this cert is not supported if you enable (debug transfer....) during the installation process.
Try the debug and see what it says.
Rating useful replies is more useful than saying "Thank you"
07-09-2013 07:26 AM
I have no problem installing the SHA256 certificates. Even with software version 7.0.235.5 on the WLC I can install the vendor CA and device certificate. Once installed the certs show up correctly in the GUI and when I run the sh local-auth certs command.
07-09-2013 06:10 PM
So you are able to install the cert, but it's not working when using local EAP?
Thanks,
Scott
Help out others by using the rating system and marking answered questions as "Answered"