Cisco Systems OL-24201-01 manual Description of the certificate

Chapter 8 Managing Users and Identity Stores

Configuring CA Certificates

Step 4 Click Submit.

The new certificate is saved. The Trust Certificate List page appears with the new certificate.

Related Topics

•User Certificate Authentication, page B-6

•Overview of EAP-TLS, page B-6

Editing a Certificate Authority and Configuring Certificate Revocation Lists

Use this page to edit a trusted CA (Certificate Authority) certificate.

Step 1 Select Users and Identity Stores > Certificate Authorities.

The Trust Certificate page appears with a list of configured certificates.

Step 2 Click the name that you want to modify, or check the check box for the Name, and click Edit.

Complete the fields in the Edit Trust Certificate List Properties Page as described in Table 8-20:

When ACS delays the CA CRL, CA is retained on the local file system. The CA is not refreshed until you resubmit it.

By default ACS will fail all user certificates of a CA for which the CRL has expired.

•If CA is resubmitted, the following error is shown: 12514 EAP-TLS failed SSL/TLS handshake. This is because of the unknown CA.

•If CA is not resubmitted, the following error is shown: 12515 EAP-TLS failed SSL/TLS handshake.This is because of the expired CRL.

If you choose Ignore CRL Expiration, authentication will fail for revoked certificates and successful for non-revoked certificates.

Table 8-20 Edit Certificate Authority Properties Page