Cisco Systems 3.3 Manual De Usuario
10-7
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 10 System Configuration: Authentication and Certificates
About Certification and EAP Protocols
Enabling EAP-TLS Authentication
This procedure provides an overview of the detailed procedures required to
configure Cisco Secure ACS to support EAP-TLS authentication.
configure Cisco Secure ACS to support EAP-TLS authentication.
Note
End-user client computers must be configured to support EAP-TLS. This
procedure is specific to configuration of Cisco Secure ACS only. For more
information about deploying EAP-TLS authentication, see Extensible
Authentication Protocol Transport Layer Security Deployment Guide for Wireless
LAN Networks at
procedure is specific to configuration of Cisco Secure ACS only. For more
information about deploying EAP-TLS authentication, see Extensible
Authentication Protocol Transport Layer Security Deployment Guide for Wireless
LAN Networks at
Before You Begin
For EAP-TLS machine authentication, if you have a Microsoft certification
authority server configured on the domain controller, you can configure a policy
in Active Directory to produce a client certificate automatically when a computer
is added to the domain. For more information, see
authority server configured on the domain controller, you can configure a policy
in Active Directory to produce a client certificate automatically when a computer
is added to the domain. For more information, see
To enable EAP-TLS authentication, follow these steps:
Step 1
Install a server certificate in Cisco Secure ACS. EAP-TLS requires a server
certificate. For detailed steps, see
certificate. For detailed steps, see
.
Note
If you have previously installed a certificate to support EAP-TLS or
PEAP user authentication or to support HTTPS protection of remote
Cisco Secure ACS administration, you do not need to perform this step.
A single server certificate is sufficient to support all certificate-based
Cisco Secure ACS services and remote administration; however,
EAP-TLS and PEAP require that the certificate be suitable for server
authentication purposes.
PEAP user authentication or to support HTTPS protection of remote
Cisco Secure ACS administration, you do not need to perform this step.
A single server certificate is sufficient to support all certificate-based
Cisco Secure ACS services and remote administration; however,
EAP-TLS and PEAP require that the certificate be suitable for server
authentication purposes.