Security

Reply
Frequent Contributor I
Posts: 83
Registered: ‎11-01-2010

Onboarding macbook air to EAP-TLS

Hey folks.  Been running CPPM for 3 months or so, started on 6.1. up to 6.2.4 now.    Never was able to test onboarding a macbook air device until i had a user attempt to today, ios devices, android, windows devices all work fine.  I see the macbook device got a cert ok from my cppm server, which is running as a Local CA and my corporate CA running as the Root CA.   Though after registering the device and having the macbook reconnect, i see it failing in Access tracker.

 

In the alert tab when it first attempts to reconnect i see this in the alerts tab:

 

 EAP-TLS: warning alert by client - close_notify

 

In the logs I see:

 

2014-01-29 08:28:38,477[Th 24 Req 187769 SessId R00002af6-03-52e90206] ERROR RadiusServer.Radius - TLS Alert read:warning:close notify
2014-01-29 08:28:38,477[Th 24 Req 187769 SessId R00002af6-03-52e90206] ERROR RadiusServer.Radius - TLS_accept:failed in SSLv3 read client certificate A
2014-01-29 08:28:38,477[Th 24 Req 187769 SessId R00002af6-03-52e90206] ERROR RadiusServer.Radius - rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure

 

 

Anyone seen anything like this before?  

Aruba
Posts: 1,368
Registered: ‎12-12-2011

Re: Onboarding macbook air to EAP-TLS

Did you install the root certificate?

Seth R. Fiermonti
Consulting Systems Engineer - ACCX, ACDX, ACMX
Email: seth@hpe.com
-----
If you found my post helpful, please give kudos
Frequent Contributor I
Posts: 83
Registered: ‎11-01-2010

Re: Onboarding macbook air to EAP-TLS

Pardon my lack of familiarity with Macbooks and OSX, where would I check this on the client?

 

Unless your asking about the CPPM server itself, which definitely has the root cert installed on the server.

Guru Elite
Posts: 8,169
Registered: ‎09-08-2010

Re: Onboarding macbook air to EAP-TLS

Check in "Keychain Access" found in Applications > Utilities.


Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP
Frequent Contributor I
Posts: 83
Registered: ‎11-01-2010

Re: Onboarding macbook air to EAP-TLS

Client has the root cert installed on their machine.  Like i mentioned, I see the cert that was generated on the CPPM onboarding database of registered devices/certificates. 

 

Appreciate the thoughts, any other ideas of what to check?

 

Thanks.

Guru Elite
Posts: 20,553
Registered: ‎03-29-2007

Re: Onboarding macbook air to EAP-TLS

Are you using https:?  If so, is the server certificate on CPPM public?

 



Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I
Posts: 83
Registered: ‎11-01-2010

Re: Onboarding macbook air to EAP-TLS

Were using http.

Search Airheads
Showing results for 
Search instead for 
Did you mean: