Install Certificates for EAP-TLS and PEAP on the ACS

At this moment I don’t have time to create some screenshots, but when I do have some spare time, I’ll add them. It’s easier to read, but this blog is only to study for me…….So I do it my way at this moment.. 😉

To use EAP-TLS and/or PEAP you should be using Certificates.

In this example the CA server and the ACS server are the same machines.
On the ACS Generate a Certificate Signing Request :

Certificate Subject : cn=demo.lab
Private key file : c:\demo.pvk
Private Key password : cisco123
Key length : 1024 (This is the max)
Digest to sign with : SHA1

Copy the outcome of this when you submit it.

Go to
And choose : Request a Certificate.
Click on Advanced Certificate Request.
Click on Submit a certificate reqeust by using a base-64 blablalba
Past the clipboard to the Form and click Submit.

Now you can save the Certificate and import this at the ACS server :
Install ACS Certificate
ONLY CLICK ONCE SUBMIT. DON’T HIT THE Install New Certificate Button again.

Now install the CA root certificate on the machine.
Download a CA certificate etc, etc.
Then :
Install this CA certificate Chain.
At the ACS trust the CA root certificate :
Edit Certificate Trust List
Check the correct certificate and click submit.

Make sure the time is correct of the CA server and ACS / Clients.

About Joost van der Made


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: