01-29-2014 06:40 AM
Hey folks. Been running CPPM for 3 months or so, started on 6.1. up to 6.2.4 now. Never was able to test onboarding a macbook air device until i had a user attempt to today, ios devices, android, windows devices all work fine. I see the macbook device got a cert ok from my cppm server, which is running as a Local CA and my corporate CA running as the Root CA. Though after registering the device and having the macbook reconnect, i see it failing in Access tracker.
In the alert tab when it first attempts to reconnect i see this in the alerts tab:
EAP-TLS: warning alert by client - close_notify
In the logs I see:
|2014-01-29 08:28:38,477||[Th 24 Req 187769 SessId R00002af6-03-52e90206] ERROR RadiusServer.Radius - TLS Alert read:warning:close notify|
|2014-01-29 08:28:38,477||[Th 24 Req 187769 SessId R00002af6-03-52e90206] ERROR RadiusServer.Radius - TLS_accept:failed in SSLv3 read client certificate A|
|2014-01-29 08:28:38,477||[Th 24 Req 187769 SessId R00002af6-03-52e90206] ERROR RadiusServer.Radius - rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure|
Anyone seen anything like this before?
01-31-2014 11:53 AM
Pardon my lack of familiarity with Macbooks and OSX, where would I check this on the client?
Unless your asking about the CPPM server itself, which definitely has the root cert installed on the server.
02-03-2014 01:36 PM
Client has the root cert installed on their machine. Like i mentioned, I see the cert that was generated on the CPPM onboarding database of registered devices/certificates.
Appreciate the thoughts, any other ideas of what to check?
02-03-2014 02:07 PM
Are you using https:? If so, is the server certificate on CPPM public?
Aruba Customer Engineering
Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base