EAP-TLS with CSSC finally working.


Okay. EAP-TLS:
I installed a standalone CA server with CN=lab.
On the same server I installed an ACS server.
– Generate signing request
  CN=acsserver
– Install the ACS Certificate
– Restart ACS Service
– Install the CA Certificate
– Restart ACS Service
– Edit the Trustlist and check the CA Server
– Restart ACS Service
– Enable EAP-TLS at the Global Auth Setup
– I used AD integration, so make sure that the AD will be consulted when the user is not present on the ACS.
– Add the WLC to the ACS Server
– On the WLC create a WLAN for eaptls.

– Create a CSSC profile for eaptls with:
  – Check “Validate Server Certificate”
  – Certificate Trusted Server Rules:
    Common name = acsserver (the CN of the ACS Server and NOT the CA Server)
  – Include Root CA. This certificate must be in .pem format. (I used Mozilla and exported the CA root in PEM format.)

Now I can use the CSSC client with eap-tls. My desktop is NOT connected to the domain.

It took me 15 minutes to have a successful wifi connection. Restarting the ACS server took the longest time. I tried not to restart the services every time, but then I got some strange things and it wasn’t working.
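
The two things this setup depends on (a root CA file in PEM format, and a trusted server rule that names the ACS server's CN rather than the CA's) can be checked with openssl before the files go into the CSSC profile. This is an added example, not part of the original post; the file names and the throwaway test PKI are assumptions, and only the CNs `lab` and `acsserver` come from the post.

```shell
#!/usr/bin/env bash
# Added example. File names are assumptions; the CNs "lab" and "acsserver" are from the post.

# Write a PEM copy of a certificate that was exported as either DER or PEM.
to_pem() {  # to_pem <in> <out.pem>
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1"; then
        openssl x509 -in "$1" -out "$2"
    else
        openssl x509 -inform DER -in "$1" -out "$2"
    fi
}

# Print the subject CN of a PEM certificate.
cert_cn() {  # cert_cn <cert.pem>
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed -e 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# Pass only if the server certificate chains to the root and its CN equals the rule value.
check_trust_rule() {  # check_trust_rule <root.pem> <server.pem> <expected-cn>
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1 ||
        { echo "FAIL: $2 does not chain to $1"; return 1; }
    [ "$(cert_cn "$2")" = "$3" ] ||
        { echo "FAIL: server CN is '$(cert_cn "$2")', rule expects '$3'"; return 1; }
    echo "OK: CN=$3 validates against $1"
}

# Constructed sample data: a throwaway root "lab" (also exported as DER) and a server cert "acsserver".
make_lab_pki() {  # make_lab_pki <dir>
    (
        cd "$1" || exit 1
        openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
            -subj "/CN=lab" -days 1 2>/dev/null
        openssl x509 -in ca.pem -outform DER -out lab-ca.cer
        openssl req -newkey rsa:2048 -nodes -keyout acs.key -out acs.csr \
            -subj "/CN=acsserver" 2>/dev/null
        openssl x509 -req -in acs.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
            -out acsserver.pem -days 1 2>/dev/null
    )
}

demo=$(mktemp -d)
make_lab_pki "$demo"
to_pem "$demo/lab-ca.cer" "$demo/lab-ca.pem"
check_trust_rule "$demo/lab-ca.pem" "$demo/acsserver.pem" acsserver
check_trust_rule "$demo/lab-ca.pem" "$demo/acsserver.pem" lab || true   # the CA's CN: rejected
rm -rf "$demo"
```

With real files, run `to_pem` on the exported root and `check_trust_rule` against the certificate installed on the ACS; a failure on the second call's pattern means the rule was given the CA's name instead of the server's.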

About Joost van der Made
