06-14-2017 02:24 PM
Newbie to the forums and product, please excuse the extreme ignorance to follow.
We are trying out CP and have a 802.1x policy that works for all Windows machines thrown at it thus far. However, when I try the same process on a Mac, CP gives me Error Code 215. The alert says:
EAP-TLS: fatal alert by server - handshake_failure
TLS Handshake failed in SSL_read with error:140890C7:SSL routines:ssl3_get_client_certificate:peer did not return a certificate
eap-tls: Error in establishing TLS session
The RADIUS cert used on CP is from our own PKI. Macs and Windows devices are using the same device certificate template when requesting said cert from the CA.
Any ideas would be most appreciated! Thank you for reading.
06-15-2017 10:51 AM
I believe so. A pop-up appears on the Mac asking for the Identity, at which time I select the 802.1x profile that was pushed to the device. One thing I noticed is that the Device Certificate on the Mac has no Subject. The same CA template is used for Device Certs on PC, which are working fine. So, not sure if that is part of the problem or not. Screenshot attached.
06-19-2017 01:03 PM
Looks like our PKI template needed to be adjusted for Mac devices. This has been corrected and now the Mac seems to be happy with the new device certificate. However, CP authentication is still failing. At this point I am thinking it may be because "host/" is missing from the Authentication:Full-Username part of the request. For example, working Windows devices return "host/pcname.domain.com" whereas my Mac is sending back "macname.domain.com".
Any suggestions would be most appreciated! Thank you for reading.