Install Certificates for EAP-TLS and PEAP on the ACS
At this moment I don’t have time to create some screenshots, but when I do have some spare time, I’ll add them. It’s easier to read, but this blog is only to study for me... So I do it my way at this moment. 😉
To use EAP-TLS and/or PEAP, you should be using certificates.
In this example the CA server and the ACS server are the same machine.
On the ACS, generate a Certificate Signing Request:
Certificate Subject : cn=demo.lab
Private key file : c:\demo.pvk
Private Key password : cisco123
Key length : 1024 (This is the max)
Digest to sign with : SHA1
When you submit it, copy the resulting output to the clipboard.
Go to 127.0.0.1/certsrv
And choose : Request a Certificate.
Click on Advanced Certificate Request.
Click on Submit a certificate request by using a base-64 blablabla
Paste the clipboard contents into the form and click Submit.
Now you can save the certificate and import it on the ACS server:
Install ACS Certificate
ONLY CLICK SUBMIT ONCE. DON’T HIT THE Install New Certificate button again.
Now install the CA root certificate on the machine.
Download a CA certificate etc, etc.
Install this CA certificate Chain.
On the ACS, trust the CA root certificate:
Edit Certificate Trust List
Check the correct certificate and click submit.
Make sure the time is correct on the CA server and on the ACS / clients.
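One way to check the issued certificate before importing it, as an added example that is not part of the original post. It builds a constructed lab CA and a server certificate for cn=demo.lab with OpenSSL, then checks the chain, the subject and the validity window, which is where a wrong clock on the CA server or the ACS shows up. The file names and the functions make_sample, key_bits and check_cert are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post. File names are assumptions.

# make_sample DIR: build a constructed lab CA and a server certificate for
# cn=demo.lab so the checks run offline. The sample uses 2048-bit/SHA-256
# because some current OpenSSL builds refuse SHA-1 signatures by policy.
make_sample() {
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/CN=Constructed Lab CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/CN=demo.lab" \
        -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 7 -sha256 -out "$1/server.pem" 2>/dev/null
}

# key_bits CERT: print the public key length in bits.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# check_cert CA CERT CN [EPOCH]: 0 = OK, 1 = does not chain to CA,
# 2 = subject CN mismatch, 3 = chain OK but clock outside validity window.
# EPOCH defaults to the local clock; pass another value to simulate skew.
check_cert() {
    at=${4:-$(date +%s)}
    openssl verify -no_check_time -CAfile "$1" "$2" >/dev/null 2>&1 || return 1
    subj=$(openssl x509 -in "$2" -noout -subject -nameopt RFC2253)
    case $subj in
        *"CN=$3" | *"CN=$3,"*) ;;
        *) return 2 ;;
    esac
    openssl verify -attime "$at" -CAfile "$1" "$2" >/dev/null 2>&1 || return 3
}

# Demo run on the constructed sample.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
rc=0; check_cert "$demo_dir/ca.pem" "$demo_dir/server.pem" demo.lab || rc=$?
echo "key bits: $(key_bits "$demo_dir/server.pem"), check_cert: $rc"
rm -rf "$demo_dir"
```

For a certificate issued from the CSR settings in this post, key_bits would report 1024. A return value of 3 on a freshly issued certificate points at the clock rather than at the trust list.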