Enabling EAP-TLS Authentication – Cisco 3.3 User Manual
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 10 System Configuration: Authentication and Certificates
About Certification and EAP Protocols
Enabling EAP-TLS Authentication
This procedure provides an overview of the detailed procedures required to
configure Cisco Secure ACS to support EAP-TLS authentication.
Note
End-user client computers must be configured to support EAP-TLS. This
procedure is specific to configuration of Cisco Secure ACS only. For more
information about deploying EAP-TLS authentication, see Extensible
Authentication Protocol Transport Layer Security Deployment Guide for Wireless
LAN Networks at
.
Before You Begin
For EAP-TLS machine authentication, if you have a Microsoft certification
authority server configured on the domain controller, you can configure a policy
in Active Directory to produce a client certificate automatically when a computer
is added to the domain. For more information, see
Policy in Windows
To enable EAP-TLS authentication, follow these steps:
Step 1
Install a server certificate in Cisco Secure ACS. EAP-TLS requires a server
certificate. For detailed steps, see
Installing a Cisco Secure ACS Server
.
Note
If you have previously installed a certificate to support EAP-TLS or
PEAP user authentication or to support HTTPS protection of remote
Cisco Secure ACS administration, you do not need to perform this step.
A single server certificate is sufficient to support all certificate-based
Cisco Secure ACS services and remote administration; however,
EAP-TLS and PEAP require that the certificate be suitable for server
authentication purposes.
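One way to confirm that an exported certificate is marked for server authentication before installing it, shown as an added example that is not part of the Cisco guide. It assumes "suitable for server authentication purposes" means the X.509 Extended Key Usage extension lists serverAuth (OID 1.3.6.1.5.5.7.3.1); the function names are hypothetical and the sample bytes are constructed.

```python
import base64

EKU_EXT = "2.5.29.37"              # id-ce-extKeyUsage
SERVER_AUTH = "1.3.6.1.5.5.7.3.1"  # id-kp-serverAuth

def tlvs(buf):
    """Yield (tag, value) per DER element (single-byte tags, enough for this walk)."""
    i = 0
    while i < len(buf):
        tag, n, i = buf[i], buf[i + 1], i + 2
        if n & 0x80:                         # long-form length: low 7 bits = byte count
            k = n & 0x7F
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        yield tag, buf[i:i + n]
        i += n

def oid(value):
    """Decode DER OID content bytes to dotted notation."""
    arcs, acc = [], 0
    for b in value:
        acc = (acc << 7) | (b & 0x7F)
        if b < 0x80:                         # high bit clear: last byte of this arc
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def eku_purposes(cert):
    """EKU OIDs of a PEM or DER certificate; None if it has no EKU extension."""
    if cert.lstrip().startswith(b"-----BEGIN"):
        cert = base64.b64decode(b"".join(
            l for l in cert.splitlines() if not l.strip().startswith(b"-----")))
    tbs = next(tlvs(next(tlvs(cert))[1]))[1]  # Certificate -> tbsCertificate
    for tag, val in tlvs(tbs):
        if tag != 0xA3:                      # [3] EXPLICIT extensions
            continue
        for _, ext in tlvs(next(tlvs(val))[1]):
            fields = list(tlvs(ext))         # OID, optional critical flag, OCTET STRING
            if oid(fields[0][1]) == EKU_EXT:
                return [oid(v) for _, v in tlvs(next(tlvs(fields[-1][1]))[1])]
    return None

def server_auth_ok(cert):
    """True only if EKU explicitly lists serverAuth; no EKU gives False (strict, an assumption)."""
    return SERVER_AUTH in (eku_purposes(cert) or [])

# Constructed sample: certificate-shaped DER (dummy fields, no key or signature)
# whose only extension is EKU = serverAuth.
SAMPLE = bytes.fromhex("3032302ba00302010202010130003000300030003000a317"
                       "301530130603551d25040c300a06082b060105050703013000030100")
```

Pass the bytes of a certificate file exported in DER or Base64 (PEM) form to `server_auth_ok`; `eku_purposes` shows which purposes the certificate actually carries when the check fails.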