Security

Reply
Occasional Contributor I

ClearPass Onboard OS X TLS Issue

I am hoping someone can shed some light on this issue.

 

I work for a secondary school that has just implemented BYOD for students. We have a mix of iOS, OS X and Windows. We have Onboarding set up with a network profile that connects to our WiFi using TLS. All iOS devices and Windows devices have onboarded successfuly. After Onboarding they can connect to the WiFi without issue. We have successfully Onboarded ~300 OS X devices. They can connect to the WiFi without issue. We have roughly half a dozen OS X devices that once they Onboard, when trying to connect to the WiFi a popup will appear asking to select a certificate. Even after selecting the correct certificate it still states it cannot connect. Looking at ClearPass Policy Manager Access Tracker there is an error that states

"EAP-TLS: warning alert by client - close_notify
TLS Handshake failed in SSL_read with error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
eap-tls: Error in establishing TLS session"

 

I am at a loss as it works for 99% of OS X devices and there doesn't appear to be a common link between the devices that don't.

Guru Elite

Re: ClearPass Onboard OS X TLS Issue

Does re-Onboarding the same device fix the issue?

Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: ClearPass Onboard OS X TLS Issue

No. I have tried re-Onboarding the same device, I have tried deleting all certificates, users and the device from ClearPass Onboarding and then re-Onboarded, but the problem persists.

Guru Elite

Re: ClearPass Onboard OS X TLS Issue

Is there any common factor between the devices (OS version, etc)?

Which version of ClearPass?


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor I

Re: ClearPass Onboard OS X TLS Issue

On closer inspection and review I have found that the OS X version is 10.11.6. Our ClearPass version is 6.6.9.102777.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: