Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

EAP-PEAP Clearpass Error 215 Fatal Alert by Client

  • 1.  EAP-PEAP Clearpass Error 215 Fatal Alert by Client

    Posted Aug 14, 2017 04:25 PM

    Hello,

    I have an 802.1x SSID, secured with a Digicert Wildcard certificate. My Apple iPhone can connect fine and is presented with the certificate to accept.

    An unmanaged Windows device however cannot connect, and below is what I see in Access Tracker:

    EAP-PEAP: fatal alert by client - access_denied
    TLS session reuse error

    I know I can probably push the certificate for ClearPass through Group Policy for managed machines, but it doesn't help me for BYOD.

    halp!



  • 2.  RE: EAP-PEAP Clearpass Error 215 Fatal Alert by Client

    EMPLOYEE
    Posted Aug 14, 2017 04:30 PM

    Do not use a wildcard as the EAP server certificate.

    Acquire a standard, single domain name generic certificate for this use (ex: network-auth.domain.xyz, etc).



  • 3.  RE: EAP-PEAP Clearpass Error 215 Fatal Alert by Client

    Posted Aug 14, 2017 04:40 PM

    I bet that's why it works fine with iOS but not Windows.  



  • 4.  RE: EAP-PEAP Clearpass Error 215 Fatal Alert by Client

    EMPLOYEE
    Posted Aug 14, 2017 04:48 PM
    Yes. For security reasons, Windows rejects a wildcard cert for EAP (which is a good thing).
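
A pre-deployment check for the advice in this thread, added here as an example and not taken from any of the posts: it lists the subject CN and SAN names of a PEM certificate and fails if any of them is a wildcard. The function names and the `corp.example.test` names are assumptions made for the example, and it assumes OpenSSL 1.1.1 or newer on the machine where the check runs.

```shell
#!/usr/bin/env bash
# Added example: flag wildcard names in a certificate before it is installed
# as the EAP (RADIUS) server certificate. Assumes OpenSSL 1.1.1 or newer.

# Print every subject CN and SAN dNSName of the PEM file, one per line.
cert_names() {
  local pem=$1
  # Subject CN: RFC2253 output is a comma-separated list of components.
  openssl x509 -in "$pem" -noout -subject -nameopt RFC2253 |
    sed 's/^subject=//' | tr ',' '\n' | sed -n 's/^ *CN=//p'
  # SAN dNSName entries; a certificate without a SAN extension yields nothing.
  openssl x509 -in "$pem" -noout -ext subjectAltName 2>/dev/null |
    tr ',' '\n' | sed -n 's/^ *DNS://p'
}

# Return 0 when no name contains a wildcard; otherwise list them and return 1.
audit_eap_cert() {
  local pem=$1 bad
  bad=$(cert_names "$pem" | grep -F '*' | sort -u)
  if [ -n "$bad" ]; then
    printf '%s\n' "$bad" | sed 's/^/wildcard name, do not use for EAP: /'
    return 1
  fi
  echo "no wildcard names in $pem"
}

# Constructed demo certificate (self-signed, throwaway key) to try the check on.
# usage: make_demo_cert <out.pem> <dns-name>
make_demo_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$1.key" \
    -subj "/CN=$2" -addext "subjectAltName=DNS:$2" -out "$1" 2>/dev/null
}

# When run with a file argument, audit that certificate.
if [ "$#" -gt 0 ]; then
  audit_eap_cert "$1"
fi
```

Run it against the certificate file before uploading it as the RADIUS/EAP server certificate; a non-zero exit status means the file carries a wildcard name.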