From: Benjamin Hill (ibennybravo@gmail.com)
Date: Thu Jun 21 2007 - 03:44:43 ART
Hi Bozhidar,
Do you understand that if you are *not* using a self-signed (i.e. ACS
generated) certificate, you need "two" certificates to enable PEAP?
You will need to install the CA certificate (i.e. the Windows 2003 CA
certificate) as well as enroll for a certificate with the CA.
The first certificate enable ACS to trust the CA, and the second certificate
is what ACS will present to the client during the EAP SSL handshake.
HTH;
Ben
On 6/21/07, Bozhidar Batev <b.batev@mobiltel.bg> wrote:
>
> Hi. I have a problem that i desperately need your help with. I
>
>
>
>
> have installed two ACS appliances to be used for NAC.
>
> I want to use certificates to authenticate users. I have
>
>
>
>
> windows 2003 enterprise <http://www.mcse.ms/message2417375.html> CA
> setup (
> 3-tier). I use the issuing CA to
>
>
>
>
> generate the certificates. When i request and install the certificate
>
>
>
>
> that goes though without a problem. However when i got to global
>
>
>
>
> authentication and try to enable PEAP i get the following message:
>
>
>
>
>
>
>
>
>
> Failed to initialize PEAP or EAP-TLS authentication protocol because
>
>
>
>
> CA certificate is not installed. Install the CA certificate using "ACS
>
>
>
>
> Certification Authority Setup" page
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sun Jul 01 2007 - 17:24:50 ART