Hi all,
Having some trouble getting EAP-TLS working properly. We have never used it in the past, always EAP-PEAP. I modified our 802.1X service to allow [EAP-TLS] and the policy looks to be working properly. However, the requests are still failing due to the following errors in the logs:
[Th 1340 Req 2212772 SessId R000c52f8-24-5c6ebc57] ERROR RadiusServer.Radius - TLS Alert read:warning:close notify |
2019-02-21 09:57:28,022 | [Th 1340 Req 2212772 SessId R000c52f8-24-5c6ebc57] ERROR RadiusServer.Radius - TLS_accept:failed in SSLv3 read client certificate A |
2019-02-21 09:57:28,022 | [Th 1340 Req 2212772 SessId R000c52f8-24-5c6ebc57] ERROR RadiusServer.Radius - rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure |
2019-02-21 09:57:28,022 | [Th 1340 Req 2212772 SessId R000c52f8-24-5c6ebc57] ERROR RadiusServer.Radius - rlm_eap_tls: TLS Handshake failed |
Any suggestions on what I can look at?
I have added the certs from the domain that are used on the device into the trust list in CPPM and added the RADIUS cert onto the device to trust our CPPM server as well. Tried disabling TLS 1.2 but it did not make a difference. We still support TLS 1.0 and 1.1 as well in cluster-wide parameters.
Not sure what else could be causing it not to complete the SSL connection.