Security

Reply
Occasional Contributor II

Onboard TLS Session Error

Dear All,

 

I had provision my Android Devices successfully in CPPM 6.3.

But tried to connect WiFi with 802.1X EAP-TLS. It always failed.

When I checked CPPM Access Tracker below:

TLS_Error.jpg

 

And I also checked my Certification chain below:

CPPM_Cert.jpg

 

In CPPM, I could find my devices below:

Onboard_Devices.jpg

 

 

Anyone help me to solve this issue?

 

BR

Thanks a lot.

 

Re: Onboard TLS Session Error

 

A couple of things :

- Make sure you have TLS enabled under the  802.1x

 

- Do you have the trus sett to  automatically or manually ?

2014-05-07 08_52_29-Network Settings.png

 

- Are you using OCSP ?

 

2014-05-07 08_53_19-ClearPass Policy Manager - Aruba Networks.png

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: Onboard TLS Session Error

you appear to have two root CAs in your chain, is that on purpose?

 

i would check if your client does actually send the correct certificate.

Occasional Contributor II

Re: Onboard TLS Session Error

Yes! And Automatic trust certificate!

Please see below:

 

8021X.jpg

 

Occasional Contributor II

Re: Onboard TLS Session Error

Dear boneyard,

 

I checked only one Root CA in CPPM.

 

any idea?

 

Root_CA.jpg

Re: Onboard TLS Session Error

you are now mixing things, at "And I also checked my Certification chain below:" you show a chain with a double root CA. not sure if that might cause issues.

 

for the rest i would take a step back, what does work? start with something simple, only username / password. move to your own certificates and then perhaps move to onboarding and check it is setup following guides. it is difficult to understand your full setup based on a few screenshots.

 

if you have support call TAC, they can go through your whole setup more easily.

Re: Onboard TLS Session Error

 If you edit ocsp authentication method it should match the URL in the Onboard settings

2014-05-07 18_33_34-Certificate Authority Settings.png

 

2014-05-07 18_34_15-ClearPass Policy Manager - Aruba Networks.png

 

 

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Occasional Contributor II

Re: Onboard TLS Session Error

Hi Victor Fabian,

 

wehre can I find the "Certificate Authority Settings" on the GUI to copy the OCSP URL?

 

thx

Markus

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: