Intermediate Question

We recently ordered certificates for our Cisco ACS servers. Everything works fine except we have to import the intermediate certificate into each windows client. Does anyone know if there is another windows update anywhere to add this to the clients, or did we request the wrong certificate?


As per the TLS RFCs, the server (Cisco ACS in this case) must present the FULL certificate chain so that unaware RFC compliant applications such as Opera and Firefox are able to connect and cache the certs so the next time you view a site with that cert chain the client application will not request the chain as the application would usually cache the intermediate certs.

That’s fine, but the issue I am having is that I have thousands of users using Microsoft wireless client with PEAP and your intermediate CA is not listed in the certificate store. That’s what I am trying to resolve. I know in Nov 2009 your root CA was added to the included list but not the Intermediate. I am curious if there is another update out there or why it wasn’t added also.

I would suspect that either the ACS is not configured to present the Intermediates OR the Microsoft Wireless Client does not accept chained certificates. It could also be both.

I suggest that you open a support ticket via and reference this thread so that we can investigate accordingly.