
What to check when a client certificate is not accepted (EAP-TLS only)

Posted on 04-07-2015 01:48 PM

Environment: ArubaOS

 

When using EAP-TLS as an 802.1X authentication method, a client certificate must be validated by the RADIUS server in order for authentication to succeed. If the client certificate cannot be validated, authentication will fail.
 
* Examine the RADIUS server log files. In most cases, the RADIUS server will provide the clues needed to troubleshoot the problem.
* A common problem with client certificates is an incorrect Common Name (CN). If the CN is not recognized by the RADIUS server, the RADIUS server cannot locate the user in the database. Check the RADIUS server documentation for the correct format. For example, Microsoft IAS expects the certificate CN to be in the form “user@domain” in order to locate the user correctly in Active Directory.
* Verify that the client certificate has not expired by examining the certificate “Valid to” date.
* Verify that the client certificate has not been revoked. The certification authority's Certificate Revocation List (CRL) contains all revoked certificates.
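The CN, expiry and revocation checks in the list above can be run against an exported client certificate with the openssl CLI before turning to the RADIUS logs. This script is an added example, not part of the original article or of ArubaOS; the function names, file names and the test CA, certificate and CRL built by `make_sample` are constructed assumptions.

```shell
#!/bin/sh
# Added example: pre-flight checks for an EAP-TLS client certificate (needs the openssl CLI).
# Function names, file names and the sample identities are assumptions.

cert_cn() {      # print the subject Common Name of certificate $1
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

cn_is_upn() {    # CN has the "user@domain" form the article cites for Microsoft IAS
    cert_cn "$1" | grep -Eq '^[^@[:space:]]+@[^@[:space:]]+$'
}

valid_for() {    # succeeds if $1 has not expired and will not within $2 seconds
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null
}

is_revoked() {   # succeeds if the serial of $1 is listed in CRL $2
    # Serial match only: assumes the CRL comes from the issuing CA and is current.
    serial=$(openssl x509 -in "$1" -noout -serial | cut -d= -f2)
    openssl crl -in "$2" -noout -text | grep -q "Serial Number: ${serial}\$"
}

preflight() {    # usage: preflight cert.pem [crl.pem]; one line per failed check
    rc=0
    cn_is_upn "$1" || { echo "CN '$(cert_cn "$1")' is not in user@domain form"; rc=1; }
    valid_for "$1" 0 || { echo "certificate has expired"; rc=1; }
    if [ -n "${2:-}" ] && is_revoked "$1" "$2"; then echo "serial is on the CRL"; rc=1; fi
    return "$rc"
}

make_sample() {  # constructed fixture in dir $1: test CA, 1-day client cert, CRL revoking it
    d=$1; ca="-config $d/ca.cnf -keyfile $d/ca.key -cert $d/ca.pem"
    printf '[ca]\ndefault_ca=c\n[c]\ndatabase=%s/index.txt\ndefault_md=sha256\ndefault_crl_days=1\n' \
        "$d" >"$d/ca.cnf"
    : >"$d/index.txt"
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$d/ca.key" -out "$d/ca.pem" \
        -subj "/CN=Constructed Test CA" -days 1 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -keyout "$d/client.key" -out "$d/client.csr" \
        -subj "/CN=alice@example.test" 2>/dev/null
    openssl x509 -req -in "$d/client.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -set_serial 0x1001 -days 1 -out "$d/client.pem" 2>/dev/null
    openssl ca $ca -revoke "$d/client.pem" 2>/dev/null
    openssl ca $ca -gencrl -out "$d/crl.pem" 2>/dev/null
}

[ $# -eq 0 ] || preflight "$@"
```

Passing a non-zero second argument to `valid_for` (for example 2592000 for 30 days) flags certificates that are about to expire rather than only those already past their “Valid to” date.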

Comments
Could use some more details from the OS side: how do I monitor/troubleshoot from the controller, for example?