10-10-2013 02:19 AM
I am trying to setup ClearPass OnBoarding for Windows laptops to push a wireless profile for 802.1x authentication via EAP-TLS. I configured a provisioning profile and the provisioning settings. The Windows laptop can connect to the OnBoarding page and the QuickConnect client is executed. It seems that the provisioning is successful, because I see new certificates in the user and computer certificate store and a wireless connection profile is available.
When I try to connect to the 802.1x secure wireless network, I receive the following error message in the CPPM Access Tracker: EAP-TLS: fatal alert by client - access_denied.
This error is caused by the Validate server certificate option within the wireless profile. I am using ClearPass as CA and the correct intermediate and root certificates are pushed to the client and are checked within the wireless network profile.
As soon as I manually disable the check to Validate server certificate, the Windows laptop connects without any problems. I guess the problem is located in the Trust configuration of the wired network configuration in ClearPass Guest. Is someone familiar with this problem?
10-10-2013 12:31 PM
10-10-2013 02:09 PM
Do you know how I can check this, so I know that I am 100% sure the chain is correct. I checked the certificate under OnBoard + Workspace - Initial Setup - Certificate Authorities (see attachment). They seem to be correct, because they are the default Aruba certificates.
The webserver certificate (a wildcard certificate) is also correct, because I can access the ClearPass website without a certificate warning.