Security

Reply

TLS authentication issue : EAP-TLS warning alert by client - close_notify

After the iOS device successfully passes the onboarding process is not able to authenticate .

 

I am able to authenticate with no issues Win7 and Android devices

 

2014-02-18 14_17_54-ClearPass Policy Manager - Aruba Networks.png

 

Cert issue?

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
Aruba

Re: TLS authentication issue : EAP-TLS warning alert by client - close_notify

Victor,

 

Based on the error the client isnt trusting either the Root CA, Intermediate or server cert. 

 

1. what version of CPPM?

2. did you combine the three when you added them into CPPM

3. You might need to change the network settings from auto to Manual on the trust.

 

trust.png

Thank You,
Troy

--Give Kudos: found something helpful, important, or cool? Click Kudos Star in a post.

--Problem Solved? Click "Accepted Solution" in a post.
MVP

Re: TLS authentication issue : EAP-TLS warning alert by client - close_notify

Had the same problem with IOS7 clients only. Turned out to be a trust issue.

 

"My issue turned out to be a trust issue.

 

Guest > onboard+workspace > Onboard/MDM Configuration > Network Settings > *your profile* > Trust tab

I had selected to automatically configure trust settings.

Even though the cppm ssl certificate included the entire chain this wasn't working properly.

 

The fix was to change this to manualy configure the trust settings. Cut up the server cert into its CA and intermediate CA's and upload those individualy and then add them as trusted certificates."

 

Koen (ACMX #351 | ACDX #547 | ACCP)

-- Found something helpful, important, or cool? Click the Kudos Star in a post.
-- Problem Solved? Click "Accept as Solution" in a post.

Re: TLS authentication issue : EAP-TLS warning alert by client - close_notify

 

 

 

Thanks Troy,

 

1. what version of CPPM? 

6.2.5.60869 

2. did you combine the three when you added them into CPPM

I did

3. You might need to change the network settings from auto to Manual on the trust.

Just tried that but it didnt work maybe I am missing something else

 

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: TLS authentication issue : EAP-TLS warning alert by client - close_notify

Thanks koenv,

 

Sorry don't understand this part : 

"Cut up the server cert into its CA and intermediate CA's and upload those individualy and then add them as trusted certificates."

 

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA

Re: TLS authentication issue : EAP-TLS warning alert by client - close_notify

 

Im golden now.

 

I had to tweeked the different certs.

 

Thank you Guys

Thank you

Victor Fabian
Lead Mobility Engineer @ Integration Partners
AMFX | ACMX | ACDX | ACCX | CWAP | CWDP | CWNA
New Contributor

Re: TLS authentication issue : EAP-TLS warning alert by client - close_notify

Awesome this solved the issue for me on ver 6.3.1.4 with a godaddy cert which contained two intermediate CA's in the trust chain.  

 

Chopped up the certs individually, uploaded as trusted cert, and selected manually in network settings as shown below.

 

Bam.  Thank you!

 

Capture3.JPG

Aruba Employee

Re: TLS authentication issue : EAP-TLS warning alert by client - close_notify

Hello, 

I have the exact same issue in a lab and a customer environment running CP 6.5.5.78974.

All devices can successfully onboard (windows, android, apple) but an iPhone cannot connect to the secure network. I get the alredy mentioned alert.clearpass_TLS_session_error.JPG

I alredy tried automatic and manual trust settings without success.

Looking at the iphone certificate trust list everything looks fine.

 

Can anyone help?

 

Thanks in advance.

 

Jens

Guru Elite

Re: TLS authentication issue : EAP-TLS warning alert by client - close_notify

What is the root CA for your radius cert? 

Sent from Nine

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Aruba Employee

Re: TLS authentication issue : EAP-TLS warning alert by client - close_notify

The root CA is private Microsoft CA.

 

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: