Security

Reply
Occasional Contributor II
Posts: 78
Registered: ‎06-03-2014

Onboard Printer TLS Session Error

1) I am using Canon C2230 printer with 802.1x enabled. (This printer cannot do CSR and export cert)

2) I uploaded the Root CA into the printer (Onbard as Root CA)

3) I created and uploaded a client cert via onboard (CSR) with the username same as the printer

4) I am very sure that switchport configuration is correct because if works for other devices 

 

Any idea why am I getting the following error message? Am I doing the right way?

EAP-TLS: fatal alert by server - internal_error

eap-tls: Error in establishing TLS session

Guru Elite
Posts: 8,050
Registered: ‎09-08-2010

Re: Onboard Printer TLS Session Error

Did you upload both the Onboard and Onboard Signing cert?


Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 78
Registered: ‎06-03-2014

Re: Onboard Printer TLS Session Error

yes, infact when i exported to p12 format and uploaded it, both the certs appears as trusted list CA in the printer. 

Guru Elite
Posts: 8,050
Registered: ‎09-08-2010

Re: Onboard Printer TLS Session Error

Is the printer running the latest firmware?
Did you give the printer the private key password?

Printers tend to have really crappy supplicants which is why most people don't do dot1X with them.


Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Occasional Contributor II
Posts: 78
Registered: ‎06-03-2014

Re: Onboard Printer TLS Session Error

i am asking my client to ask his printer vendor to come down. I will ask him to upgrade to the latest firmware. Meanwhile I am just wondering if I did anything wrong or miss out on the onboard. on boarding for other devices works though. the only different is creating the user client manually. Yes, password was needed to decrypt the p12 file when I uploaded it.
Guru Elite
Posts: 8,050
Registered: ‎09-08-2010

Re: Onboard Printer TLS Session Error

Just as a point of information, I've never had a printer work correctly with 802.1X authentication.


Thanks,
Tim

Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Super Contributor II
Posts: 374
Registered: ‎09-05-2012

Re: Onboard Printer TLS Session Error

Would you be able to configure it to do just MSCHAPv2/PEAP?

 

We had a Brother wireless printer that I configued to use this and it works like a champ.

I believe they had an option to ignore any certiciate warnings.

 

I know it isn't the most secure solution, but it works and seems to be pretty reliable.

Guru Elite
Posts: 20,422
Registered: ‎03-29-2007

Re: Onboard Printer TLS Session Error

Very few people have gotten a printer to do PEAP or EAP-TLS successfully..



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Super Contributor II
Posts: 374
Registered: ‎09-05-2012

Re: Onboard Printer TLS Session Error

 

It sounds like we got really lucky with the printers that we purchased.

Search Airheads
Showing results for 
Search instead for 
Did you mean: