Cisco Systems OL-24201-01 Camera Accessories User Manual


 
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 8 Managing Users and Identity Stores
Configuring CA Certificates
Step 4 Click Submit.
The new certificate is saved. The Trust Certificate List page appears with the new certificate.
Related Topics
User Certificate Authentication, page B-6
Overview of EAP-TLS, page B-6
Editing a Certificate Authority and Configuring Certificate Revocation Lists
Use this page to edit a trusted CA (Certificate Authority) certificate.
Step 1 Select Users and Identity Stores > Certificate Authorities.
The Trust Certificate page appears with a list of configured certificates.
Step 2 Click the name that you want to modify, or check the check box for the Name, and click Edit.
Complete the fields in the Edit Trust Certificate List Properties Page as described in Table 8-20:
When ACS delays the CA CRL, the CA is retained on the local file system. The CA is not refreshed until you resubmit it.
By default, ACS fails all user certificates of a CA for which the CRL has expired.
If the CA is resubmitted, the following error is shown: 12514 EAP-TLS failed SSL/TLS handshake. This is because of the unknown CA.
If the CA is not resubmitted, the following error is shown: 12515 EAP-TLS failed SSL/TLS handshake. This is because of the expired CRL.
If you choose Ignore CRL Expiration, authentication fails for revoked certificates and succeeds for non-revoked certificates.
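A minimal model of the CRL-expiry behaviour described above, added here as an illustration; it is not ACS code, and the names CachedCrl, crl_decision and days_until_expiry, as well as all dates and serial numbers, are constructed assumptions. It also shows the caveat of Ignore CRL Expiration: a certificate revoked after the cached CRL was issued is not listed in that CRL and is therefore accepted.

```python
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class CachedCrl:
    """Constructed stand-in for the CRL copy held for one trusted CA."""
    this_update: datetime
    next_update: datetime
    revoked_serials: set = field(default_factory=set)


def crl_decision(serial, crl, now, ignore_crl_expiration=False):
    """Return (accepted, reason) for a client certificate serial number."""
    expired = now > crl.next_update
    if expired and not ignore_crl_expiration:
        # Default behaviour described above: every certificate of this CA fails.
        return (False, "crl_expired")
    if serial in crl.revoked_serials:
        return (False, "revoked")
    # With an expired CRL this only proves the serial was not revoked
    # as of crl.this_update; later revocations are invisible.
    return (True, "not_listed_in_stale_crl" if expired else "not_revoked")


def days_until_expiry(crl, now):
    """Monitoring helper: a negative value means the cached CRL has expired."""
    return (crl.next_update - now).days


# Constructed sample data: serial 0x1001 is revoked, 0x1002 is not.
UTC = timezone.utc
CRL = CachedCrl(
    this_update=datetime(2024, 1, 1, tzinfo=UTC),
    next_update=datetime(2024, 1, 8, tzinfo=UTC),
    revoked_serials={0x1001},
)
BEFORE = datetime(2024, 1, 5, tzinfo=UTC)   # CRL still valid
AFTER = datetime(2024, 1, 10, tzinfo=UTC)   # CRL expired two days earlier

if __name__ == "__main__":
    for now in (BEFORE, AFTER):
        for ignore in (False, True):
            for serial in (0x1001, 0x1002):
                print(now.date(), "ignore=%s" % ignore, hex(serial),
                      crl_decision(serial, CRL, now, ignore))
    print("days until CRL expiry:", days_until_expiry(CRL, BEFORE))
```

Tracking the value returned by days_until_expiry for each trusted CA gives warning before the default behaviour starts failing every certificate issued by that CA.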
Table 8-20 Edit Certificate Authority Properties Page

Option | Description
Issuer
Friendly Name | The name that is associated with the certificate.
Description | (Optional) A brief description of the CA certificate.
Issued To | Display only. The entity to which the certificate is issued. The name that appears is from the certificate subject.
Issued By | Display only. The certification authority that issued the certificate.
Valid from | Display only. The start date of the certificate’s validity. An X509 certificate is valid only from the start date to the end date (inclusive).
Valid To (Expiration) | Display only. The last date of the certificate’s validity.
Serial Number | Display only. The serial number of the certificate.
Description
Description of the certificate.
Usage
Trust for client with EAP-TLS | Check this box so that ACS will use the trust list for the TLS related EAP protocols.