Specifications

Cisco Systems, Inc.
All contents are Copyright © 1992–2002 Cisco Systems, Inc. All rights reserved.
6. Verify the configuration of the AAA server (ACS configuration is specified in Section 6.2). If the EAP-TLS clients
and the AAA server(s) did not use the same root certification authority, then verify that the whole chain of
certification authority servers’ certificates have been installed on the AAA server. The same applies if the certificate
was obtained from a subcertification authority.
7. Verify that the user account exists in the internal database of the AAA server or on one of the configured external
databases.
8. Verify that the AAA server certificate contains EKU with the “Server Authentication” OID (as described in
Section 5.2.2).
9. Verify that the AAA server certificate complies with X.509 Version 3.
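The certificate checks in steps 6, 8 and 9, together with the expiry case shown in Figure 7-1, can be scripted with the OpenSSL command line. This is an added example, not part of the original guide: the function names, file names and throwaway self-signed certificates are constructed for illustration, and it assumes the AAA server certificate has been exported in PEM format.

```shell
#!/usr/bin/env bash
# Added example (not from the original guide): validate an AAA server certificate.

# check_server_cert CERT.pem [CA_BUNDLE.pem]
# Prints one FAIL line per problem; returns 0 only if every check passes.
check_server_cert() {
  local cert=$1 ca=${2:-} rc=0 text
  text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || { echo "FAIL: unreadable certificate"; return 2; }

  # Step 9: the certificate must be X.509 Version 3 (encoded as 0x2).
  printf '%s\n' "$text" | grep -q 'Version: 3 (0x2)' \
    || { echo "FAIL: not X.509 v3"; rc=1; }

  # Step 8: EKU must list Server Authentication (OID 1.3.6.1.5.5.7.3.1),
  # which OpenSSL prints as "TLS Web Server Authentication".
  printf '%s\n' "$text" | grep -A1 'X509v3 Extended Key Usage' \
    | grep -q 'TLS Web Server Authentication' \
    || { echo "FAIL: EKU lacks Server Authentication"; rc=1; }

  # Figure 7-1 case: reject a certificate that has already expired.
  openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 \
    || { echo "FAIL: certificate expired"; rc=1; }

  # Step 6: if a CA bundle (root plus any subordinate CAs) is supplied,
  # confirm that the whole chain validates against it.
  if [ -n "$ca" ]; then
    openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1 \
      || { echo "FAIL: chain does not validate against $ca"; rc=1; }
  fi
  return $rc
}

# make_demo_cert EKU OUT.pem: constructed self-signed test certificate (sample data only).
make_demo_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout /dev/null -out "$2" \
    -subj "/CN=aaa.example.test" -days 1 -addext "extendedKeyUsage=$1" 2>/dev/null
}

# Demo on constructed certificates: one with the right EKU, one without.
demo_dir=$(mktemp -d)
make_demo_cert serverAuth "$demo_dir/good.pem"
make_demo_cert clientAuth "$demo_dir/bad.pem"
check_server_cert "$demo_dir/good.pem" && echo "good.pem: all checks passed"
check_server_cert "$demo_dir/bad.pem" || echo "bad.pem: rejected"
```

The second demo certificate carries only the client authentication EKU, which corresponds to the "not intended for EAP-TLS authentication" case in Figure 7-2.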
Figures 7-1 through 7-4 detail examples of invalid certificates:
Figure 7-1: Expired Certificate
Figure 7-2: Invalid Certificate: Not Intended for EAP-TLS Authentication