Occasional Contributor II

EAP-PEAP Clearpass Error 215 Fatal Alert by Client

Hello,

I have an 802.1x SSID, secured with a DigiCert wildcard certificate. My Apple iPhone can connect fine and is presented with the certificate to accept.

An unmanaged Windows device however cannot connect, and below is what I see in Access Tracker:

EAP-PEAP: fatal alert by client - access_denied
TLS session reuse error

I know I can probably push the certificate for ClearPass through Group Policy for managed machines, but it doesn't help me for BYOD.

halp!

Guru Elite

Re: EAP-PEAP Clearpass Error 215 Fatal Alert by Client

Do not use a wildcard as the EAP server certificate.

Acquire a standard, single domain name generic certificate for this use (ex: network-auth.domain.xyz, etc).


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Occasional Contributor II

Re: EAP-PEAP Clearpass Error 215 Fatal Alert by Client

I bet that's why it works fine with iOS but not Windows.  

Guru Elite

Re: EAP-PEAP Clearpass Error 215 Fatal Alert by Client

Yes. For security reasons, Windows rejects a wildcard cert for EAP (which is a good thing).

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
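
A pre-deployment check for the advice in this thread, as an added example that is not part of the original posts: it lists the subject CN and DNS subjectAltName entries of a candidate EAP server certificate and flags any wildcard name. It assumes the `openssl` CLI (1.1.1 or later); the function names, host names and certificate files are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: pre-deployment check for wildcard names in an EAP server cert.
# Assumes the openssl CLI (1.1.1 or later); all names and files are constructed.

# Print the subject CN(s) and every DNS subjectAltName, one per line.
cert_names() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= //p'
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'Subject Alternative Name' | tail -n 1 |
        tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Exit status: 0 = a wildcard name is present, 1 = none, 2 = unreadable file.
has_wildcard() {
    openssl x509 -in "$1" -noout 2>/dev/null || return 2
    cert_names "$1" | grep -qF '*'
}

# Constructed test input: a throwaway self-signed cert for the given name.
make_demo_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -keyout "$2.key" -out "$2" -subj "/CN=$1" \
        -addext "subjectAltName=DNS:$1" 2>/dev/null
}

# Print a one-line verdict for a certificate file.
report() {
    has_wildcard "$1"
    case $? in
        0) echo "$1: wildcard name found, not suitable as EAP server cert" ;;
        1) echo "$1: no wildcard names: $(cert_names "$1" | sort -u | tr '\n' ' ')" ;;
        *) echo "$1: could not parse certificate" ;;
    esac
}

demo_dir=$(mktemp -d)
make_demo_cert '*.example.test' "$demo_dir/wildcard.pem"
make_demo_cert 'network-auth.example.test' "$demo_dir/single.pem"
report "$demo_dir/wildcard.pem"
report "$demo_dir/single.pem"
rm -rf "$demo_dir"
```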