Filter
Top Products
10-7
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 10 System Configuration: Authentication and Certificates
About Certification and EAP Protocols
Enabling EAP-TLS Authentication
This procedure provides an overview of the detailed procedures required to
configure Cisco Secure ACS to support EAP-TLS authentication.
Note End-user client computers must be configured to support EAP-TLS. This
procedure is specific to configuration of Cisco Secure ACS only. For more
information about deploying EAP-TLS authentication, see Extensible
Authentication Protocol Transport Layer Security Deployment Guide for Wireless
LAN Networks at http://www.cisco.com/warp/public/cc/pd/sqsw/sq/tech/
acstl_wp.htm.
Before You Begin
For EAP-TLS machine authentication, if you have a Microsoft certification
authority server configured on the domain controller, you can configure a policy
in Active Directory to produce a client certificate automatically when a computer
is added to the domain. For more information, see Microsoft Knowledge Base
Article 313407, HOW TO: Create Automatic Certificate Requests with Group
Policy in Windows.
To enable EAP-TLS authentication, follow these steps:
Step 1 Install a server certificate in Cisco Secure ACS. EAP-TLS requires a server
certificate. For detailed steps, see Installing a Cisco Secure ACS Server
Certificate, page 10-35.
Note If you have previously installed a certificate to support EAP-TLS or
PEAP user authentication or to support HTTPS protection of remote
Cisco Secure ACS administration, you do not need to perform this step.
A single server certificate is sufficient to support all certificate-based
Cisco Secure ACS services and remote administration; however,
EAP-TLS and PEAP require that the certificate be suitable for server
authentication purposes.