Hi All Deploying a new clearpass with EAP-TLS authentication. I a have very limited knowledge on Certificates and EAP-TLS.
Would like to know what all the basic things need to checked with regards to Certificates.
Below are things done by me that no issues with regards to configuration .
Added Root CA and Intermediate CA to the trustlist of the Clearpass.
Imported the Signed Certificate by the CA into Clear pass as Radius Certificate.
Installed the Root CA and Intermediate CA on a client PC (Windows 10) under Trusted Root CA.
Tested EAP-PEAP by selecting only the Installed Certificates on the Client under Validate Certificate.
Everying went fine till now and i hope thats only way i thought to test the Server Certificate.
Now we downloaded the Cert for User and installed the Certificate into Personal Certificates.
When we tried to authenticate by changing the Service Authentication type EAP-TLS intially we got User not found in authentication source.
Found domain was associated with the username so modified the service to strip the domain. No the username goes as the same as the username which was successsful in EAP-PEAP but we see timeout in access tracker. Alert as Client did not complete EAP transaction. Tried couple of clients.
So i doubt the intial negotiation of certificates is failing. So would like to know what all the things need to be checked on the certificates to ensure authentication is successful.
or Any other suggestions to help successful authentication.
Clear pass on 6.6.2 , CA server Windows 2012 Client Win 10 .
Thanks in advance