CISO acs appliance and windows certificate ...PEAP error

Discussion in 'Cisco' started by wisdom1999, Feb 5, 2007.

  1. wisdom1999

    wisdom1999 Guest

    Hi. I have a HUGE problem that i desperately need your help with. I
    have installed two ACS appliances to be used for IBNS and eventually
    for NAC. I want to use certificates to authenticate users. I have
    windows 2003 enterprise CA setup ( 3-tier). I use the issuing CA to
    generate the certificates. When i request and install the certificate
    that goes though without a problem. However when i got to global
    authentication and try to enable PEAP i get the following message:

    Failed to initialize PEAP or EAP-TLS authentication protocol because
    CA certificate is not installed. Install the CA certificate using "ACS
    Certification Authority Setup" page

    The certificate is installed.

    I got a solution from a cisco rep here but it did not work the
    solution is listed below:
    Symptom:
    ACS appliance will not recognize the installed certificate.

    Condition:

    Cisco Security Agent is running.

    1. Install a certificate - GUI will report certificate as installed
    and
    validitiy OK.
    2. Enable PEAP
    3. Error appears:

    Failed to initialize PEAP or EAP-TLS authentication protocol because
    CA certificate is not installed. Install the CA certificate using
    "ACS Certification Authority Setup" page.

    Workaround:
    Disable Cisco Security Agent and repeat the installation procedure.
    It will succeed.
    Re-enable Cisco Security Agent.


    I desperately need your help in solving this. I have no idea what else
    to try. Thanks in advance for your expertise.



    Regards
     
    wisdom1999, Feb 5, 2007
    #1
    1. Advertisements

  2. wisdom1999

    Thrill5 Guest

    You are hitting "Install Certificate" twice. After you enter the file name
    for the certificate to install hit "Install Certificate", the next screen
    will show the certificate details and the certificate is now installed. At
    this point you are hitting the "Install Certificate" button again, and
    deleting the certificate you just installed. I just went through this, and
    the screens are not very intuitive.

    Scott.
     
    Thrill5, Feb 6, 2007
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.