Security

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

CPPM Error in establishing TLS session

  • 1.  CPPM Error in establishing TLS session

    Posted 26 days ago
    Hello all,

    I have a question,
    I currently have 802.1x authentication working with xxx.com and everything works fine,
    but now I would like to add authentication with another (second) domain, yyy.com, and when I try to authenticate the client to the Wi-Fi network, Access Tracker gives me an error:

    EAP-PEAP: fatal alert by client - unknown_ca
    TLS Handshake failed in SSL_read with error: 14094418: SSL routines: ssl3_read_bytes: tlsv1 alert unknown ca
    eap-tls: Error in establishing TLS session


    For yyy.com domain I added CA in "Trust List" section but still there is a problem.

    My CPPM: 6.9.3

    Maybe someone had a similar problem?
    Thank you in advance for your answer.

    best regards

    ------------------------------
    Martin S
    ------------------------------


  • 2.  RE: CPPM Error in establishing TLS session

    Posted 26 days ago
    You should check and validate the CA that issued the device cert; the one you added into ClearPass may not be the correct one.

    Check the serial number and thumbprint on the cert

    ------------------------------
    Victor Fabian
    ------------------------------



  • 3.  RE: CPPM Error in establishing TLS session

    Posted 25 days ago
    It's an issue at the client, not in the Trust List:

    fatal alert by client - unknown_ca

    This means that the client complains that it does not trust the ClearPass EAP certificate.

    Have you replaced the default self-signed EAP/RADIUS certificate with a trusted one (either from public or private CA)?
    Did you configure your client and import or enable the Root CA in your client (supplicant)?
    What type of client is this?

    ------------------------------
    Herman Robers
    ------------------------
    If you have urgent issues, always contact your Aruba partner, distributor or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC.
    ------------------------------
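
Added example, not part of any post in this thread and not Aruba code: a short Python triage of the three log lines quoted in post 1, decoding the 8-digit OpenSSL error code (pre-3.0 packing: library, function, reason) and reporting which side sent the alert and which trust store to inspect. The `fatal alert by server` log form and the names `decode_openssl_error`, `diagnose` and `CHECKS` are assumptions made for this illustration.

```python
import re

# Constructed sample: the three Access Tracker lines quoted in post 1.
SAMPLE = """\
EAP-PEAP: fatal alert by client - unknown_ca
TLS Handshake failed in SSL_read with error: 14094418: SSL routines: ssl3_read_bytes: tlsv1 alert unknown ca
eap-tls: Error in establishing TLS session
"""

# TLS alert descriptions (RFC 5246, section 7.2) related to certificate checks.
TLS_ALERTS = {42: "bad_certificate", 43: "unsupported_certificate",
              44: "certificate_revoked", 45: "certificate_expired",
              46: "certificate_unknown", 48: "unknown_ca"}
ALERT_REASON_OFFSET = 1000  # OpenSSL reports a received alert N as reason 1000 + N

# The side that sends unknown_ca is the side that rejected the peer's issuer.
CHECKS = {
    "client": "supplicant trust of the CA that issued the server EAP certificate",
    "server": "server trust list for the CA that issued the client certificate",
}

def decode_openssl_error(code_hex):
    """Split a pre-3.0 OpenSSL packed error code into lib, func and reason."""
    code = int(code_hex, 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = reason - ALERT_REASON_OFFSET if reason >= ALERT_REASON_OFFSET else None
    return {"lib": lib, "func": func, "reason": reason,
            "alert": alert, "alert_name": TLS_ALERTS.get(alert)}

def diagnose(log_text):
    """Return who sent the alert, which alert it was, and what to check."""
    sender = re.search(r"fatal alert by (client|server) - (\w+)", log_text)
    err = re.search(r"with error: ([0-9A-Fa-f]{8}):", log_text)
    result = {"sender": None, "alert_name": None, "check": "unclassified"}
    if sender:
        result["sender"], result["alert_name"] = sender.group(1), sender.group(2)
    if err:
        decoded = decode_openssl_error(err.group(1))
        result["alert_name"] = decoded["alert_name"] or result["alert_name"]
    if result["alert_name"] == "unknown_ca" and result["sender"]:
        result["check"] = CHECKS[result["sender"]]
    return result

if __name__ == "__main__":
    print(decode_openssl_error("14094418"))
    print(diagnose(SAMPLE))
```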