Security

Hi, I installed new clearpass, last release, I restored backup and I added new certificates (I have internal ROOT CA - this is in trusted list). All laptop work fine but all mobile devices give me error "EAP-TLS: fatal alert by client - unknown_ca". I try to use self-signed certificate but not run nothing. Tablet and smartphone have old certificate from old ROOT CA, I must re-run onboard process on all devices or there is a simple way to accept mobiles? Thanks.

What are you using for the EAP server certificate?

Yes, AP105 e 205 with RADIUS clearpass

Please tell us about your EAP server certificate. Is it public CA-signed, self-signed or internally signed? Are your devices managed or unmanaged?

Internal CA with devices managed

The device doesn’t appear to have the signing CA of the EAP server certificate installed in it’s trust store.

I load RADIUS certificate of my internal CA on trusted store of clearpass. Onboarded certificates are generated by OLD_CA while now I have a RADIUS certificate from NEW_CA. Both _CA are on trusted list of clearpass.

The signing CA of the EAP server certificate needs to be installed on the clients and configured in the supplicant.

I solved with restore of old certificates, but this expire next year. Can I push new certificate automatically on all mobile devices with onboard system? PS I have a new root CA.