Cisco Systems 3.3 User Manual
Chapter 10 System Configuration: Authentication and Certificates
About Certification and EAP Protocols
10-8
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Step 2
Edit the certification trust list so that the certification authority (CA) issuing
end-user client certificates is trusted. If you do not perform this step, Cisco Secure
ACS only trusts user certificates issued by the same CA that issued the certificate
installed in Cisco Secure ACS. For detailed steps, see
Step 3
Establish a certificate revocation list (CRL) for each CA and certificate type listed
in the certificate trust list (CTL). As part of EAP-TLS authentication,
Cisco Secure ACS validates the status of the certificate presented by the user
against the cached CRL to ensure that it has not been revoked. For detailed steps,
see
.
Step 4
Enable EAP-TLS on the Global Authentication Setup page. Cisco Secure ACS
allows you to complete this step only after you have successfully completed Step
1. For detailed steps, see
Step 5
Configure a user database. To determine which user databases support EAP-TLS
authentication, see
Cisco Secure ACS is ready to perform EAP-TLS authentication.
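The trust and revocation decisions described in Steps 2 and 3, modeled as an added example (not Cisco code and not the Cisco Secure ACS implementation). The CA names, serial number and integer clock are constructed, and accepting a certificate whose CA has no cached CRL is an assumption of this model. The example goes slightly beyond the text to show that a cached CRL only reflects revocations known at the last refresh.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class CachedCrl:
    fetched_at: int        # model clock tick when the server last cached this CRL
    revoked: frozenset     # serial numbers the CA had listed at that moment

@dataclass
class IssuingCa:
    """The CA's own live revocation record (constructed for this model)."""
    revocations: dict = field(default_factory=dict)   # serial -> tick revoked

    def publish_crl(self, now):
        listed = (s for s, t in self.revocations.items() if t <= now)
        return CachedCrl(now, frozenset(listed))

def check_client_cert(issuer, serial, server_cert_ca, ctl, crl_cache):
    """Return (accepted, reason) for a client certificate in this model."""
    # Step 2: with an unedited CTL, only the CA that issued the server's
    # own certificate is trusted to issue user certificates.
    if issuer != server_cert_ca and issuer not in ctl:
        return False, "issuer not trusted"
    crl = crl_cache.get(issuer)
    if crl is None:
        # Assumption of this model: no cached CRL means no revocation check.
        return True, "accepted without revocation check"
    # Step 3: status is read from the cached copy, not from the CA directly.
    if serial in crl.revoked:
        return False, "revoked"
    return True, "accepted"

def walk_through():
    server_ca, user_ca, serial = "CN=Server CA", "CN=User CA", 0x1001  # constructed
    ca = IssuingCa()
    cache = {user_ca: ca.publish_crl(now=0)}
    out = [check_client_cert(user_ca, serial, server_ca, set(), cache)]   # CTL not edited
    ctl = {user_ca}
    out.append(check_client_cert(user_ca, serial, server_ca, ctl, cache))  # CTL edited
    ca.revocations[serial] = 5                                             # revoked at tick 5
    out.append(check_client_cert(user_ca, serial, server_ca, ctl, cache))  # cache is from tick 0
    cache[user_ca] = ca.publish_crl(now=10)                                # cache refreshed
    out.append(check_client_cert(user_ca, serial, server_ca, ctl, cache))
    return out

if __name__ == "__main__":
    for accepted, reason in walk_through():
        print(accepted, reason)
```

The third result is the one to plan for: between a revocation and the next CRL refresh, the revoked certificate still authenticates in this model.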
PEAP Authentication
About the PEAP Protocol
The PEAP (Protected EAP) protocol is a client-server security architecture that
provides a means of encrypting EAP transactions, thereby protecting the contents
of EAP authentications. PEAP has been posted as an IETF Internet Draft by RSA,
Cisco, and Microsoft and is available at
.