Table of Contents
Advertisement
Chapter 10
System Configuration: Authentication and Certificates
Enabling EAP-TLS Authentication
Note
Step 1
78-16592-01
This procedure provides an overview of the detailed procedures required to
configure Cisco Secure ACS to support EAP-TLS authentication.
End-user client computers must be configured to support EAP-TLS. This
procedure is specific to configuration of Cisco Secure ACS only. For more
information about deploying EAP-TLS authentication, see Extensible
Authentication Protocol Transport Layer Security Deployment Guide for Wireless
LAN Networks at
http://www.cisco.com/warp/public/cc/pd/sqsw/sq/tech/
acstl_wp.htm.
Before You Begin
For EAP-TLS machine authentication, if you have a Microsoft certification
authority server configured on the domain controller, you can configure a policy
in Active Directory to produce a client certificate automatically when a computer
is added to the domain. For more information, see
Article 313407, HOW TO: Create Automatic Certificate Requests with Group
Policy in
Windows.
To enable EAP-TLS authentication, follow these steps:
Install a server certificate in Cisco Secure ACS. EAP-TLS requires a server
certificate. For detailed steps, see
Certificate, page
10-35.
If you have previously installed a certificate to support EAP-TLS or
Note
PEAP user authentication or to support HTTPS protection of remote
Cisco Secure ACS administration, you do not need to perform this step.
A single server certificate is sufficient to support all certificate-based
Cisco Secure ACS services and remote administration; however,
EAP-TLS and PEAP require that the certificate be suitable for server
authentication purposes.
About Certification and EAP Protocols
Installing a Cisco Secure ACS Server
User Guide for Cisco Secure ACS for Windows Server
Microsoft Knowledge Base
10-7
Advertisement
Table of Contents
Troubleshooting
