Environment: ArubaOS
When using [[EAP-TLS]] as an 802.1X authentication method, a client certificate must be validated by the RADIUS server in order for authentication to succeed. If the client certificate cannot be validated, authentication will fail.
*Examine the RADIUS server log files. In most cases, the RADIUS server logs provide the clues needed to troubleshoot the problem.
*A common problem with client certificates is an incorrect Common Name (CN). If the CN is not recognized by the RADIUS server, the RADIUS server cannot locate the user in the database. Check the RADIUS server documentation for the correct format. For example, Microsoft IAS expects the certificate CN to be in the form “user@domain” in order to locate the user correctly in Active Directory.
*Verify that the client certificate has not expired by examining the certificate “Valid to” date.
*Verify that the client certificate has not been revoked. The certification authority's Certificate Revocation List (CRL) lists all certificates that the authority has revoked.
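
The CN, expiry and revocation checks above can be run locally against an exported client certificate with openssl. This is an added example, not part of the original article or of any vendor tooling; the file names client.pem and crl.pem, the PEM encoding and the function names are assumptions.

```sh
#!/bin/sh
# Added example: local triage of an EAP-TLS client certificate (PEM) with openssl.
# The RADIUS server's own verdict and logs remain authoritative.

# First CN of the subject. Assumes the CN value contains no escaped comma.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 |
        sed 's/^subject= *//' | tr ',' '\n' | sed -n 's/^CN=//p' | head -n 1
}

# Succeeds only if the CN has the user@domain shape (the IAS case above).
cn_is_user_at_domain() {
    case "$(cert_cn "$1")" in
        *@*@* | @* | *@ | *" "*) return 1 ;;
        *@*) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if the certificate is still inside its validity $2 seconds from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null
}

# Serial number as upper-case hex, the form `openssl crl -text` also prints.
cert_serial() {
    openssl x509 -in "$1" -noout -serial | cut -d= -f2
}

# Reads `openssl crl -noout -text` output on stdin; succeeds if serial $1 is listed.
crl_lists_serial() {
    grep -qiE "^[[:space:]]*Serial Number:[[:space:]]*$1[[:space:]]*\$"
}

# usage: check_client_cert client.pem crl.pem   (both file names are assumptions)
# The CRL must be a PEM file from the CA that issued the certificate.
check_client_cert() {
    rc=0
    cn_is_user_at_domain "$1" || { echo "CN '$(cert_cn "$1")' is not user@domain"; rc=1; }
    cert_valid_for "$1" 0 || { echo "certificate has expired"; rc=1; }
    if openssl crl -in "$2" -noout -text | crl_lists_serial "$(cert_serial "$1")"; then
        echo "serial $(cert_serial "$1") is listed in the CRL (revoked)"; rc=1
    fi
    return "$rc"
}
```

The serial lookup does not verify the CRL's signature or freshness, so treat a clean result as a hint and confirm against the RADIUS server log.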