Contributor II

Avaya 3645 handset 802.1x certificate issues

Hi all, we're trying to connect Avaya 3645 to an 802.1x network using EAP-PEAP, with ClearPass 6.6.8 as the Radius server. I can see the attempt in Access Tracker, but it is rejected with the following error:

EAP-PEAP: fatal alert by client - unknown_ca
TLS Handshake failed in SSL_read with error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
eap-tls: Error in establishing TLS session

So obviously an issue with the Server certificate being trusted by the Avaya handset. I've exported the Radius server certificate from ClearPass, and verified that it contains the entire path - Server, Intermediate and Root certs are all contained. I have no problem importing / enrolling the cert in the Avaya handset software, but it still fails. Has anyone done this successfully?

Re: Avaya 3645 handset 802.1x certificate issues

Are you able to provide the full logs from within the Access Tracker entry? Does the device need to validate the cert, as I see this "unknown ca" in the logs you previously provided?


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Contributor II

Re: Avaya 3645 handset 802.1x certificate issues

Log file is attached.  There's no way in the Avaya handset config to disable certificate validation.  It is very rudimentary.

Guru Elite

Re: Avaya 3645 handset 802.1x certificate issues

Try just installing the signing/intermediate CA.


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Contributor II

Re: Avaya 3645 handset 802.1x certificate issues

We tried the root, the intermediate and the server cert, plus all 3 combined.  Still no go.
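
An added example, not part of any post in this thread: a small triage helper that decodes the packed OpenSSL error code from the Access Tracker text quoted in the first post and reports which TLS alert the peer sent. It assumes the OpenSSL 1.x error layout (library, function, reason packed into one 32-bit value); the function names and hint strings are made up for this example.

```python
import re

# TLS alert numbers that concern certificate validation (RFC 5246, section 7.2).
CERT_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
               44: "certificate_revoked", 45: "certificate_expired",
               46: "certificate_unknown", 48: "unknown_ca"}
ERR_LIB_SSL = 20            # OpenSSL's library number for libssl
ALERT_REASON_OFFSET = 1000  # libssl reports a received alert N as reason 1000 + N
CODE_RE = re.compile(r"error:([0-9A-Fa-f]{8}):")

# Error text as quoted in the first post of the thread.
SAMPLE = """EAP-PEAP: fatal alert by client - unknown_ca
TLS Handshake failed in SSL_read with error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca
eap-tls: Error in establishing TLS session"""

def unpack(code_hex):
    """Split an OpenSSL 1.x packed error code into (lib, func, reason)."""
    value = int(code_hex, 16)
    return (value >> 24) & 0xFF, (value >> 12) & 0xFFF, value & 0xFFF

def triage(log_text):
    """Return one finding per packed OpenSSL error code found in log_text."""
    findings = []
    for match in CODE_RE.finditer(log_text):
        lib, func, reason = unpack(match.group(1))
        alert = None
        if lib == ERR_LIB_SSL and reason >= ALERT_REASON_OFFSET:
            alert = reason - ALERT_REASON_OFFSET  # alert was received from the peer
        if alert in CERT_ALERTS:
            hint = "peer rejected the certificate chain this side presented"
        elif alert is not None:
            hint = "peer sent a TLS alert unrelated to certificate validation"
        else:
            hint = "not a TLS alert from the peer"
        findings.append({"code": match.group(1), "lib": lib, "func": func,
                         "reason": reason, "alert": alert,
                         "alert_name": CERT_ALERTS.get(alert), "hint": hint})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

For the quoted error, reason 1048 maps to alert 48 (unknown_ca) received by the RADIUS server, so the trust store to examine is the one on the handset.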
