Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Onboarding with Google cloud identity - TLS issues

  • 1.  Onboarding with Google cloud identity - TLS issues

    Posted Jun 03, 2021 02:48 AM
    Hi All, 

    I am trying to implement user device onboarding using Google Secure LDAP.
    The onboarding part is working and devices are getting a certificate from ClearPass. However, when a device tries to authenticate using the onboarded certificate, it fails.

    The first Windows 10 PC error on ClearPass was "TLS Handshake failed in SSL_read with error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol eap-tls: Error in establishing TLS session"

    The Android device error on ClearPass was "[Endpoints Repository] - localhost: User not found.
    [Onboard Devices Repository] - localhost: User not found.
    [Local User Repository] - localhost: User not found.
    EAP-TLS: Authentication failure, unknown user"

    The second Windows 10 error on ClearPass was "[Endpoints Repository] - localhost: User not found.
    [Onboard Devices Repository] - localhost: User not found.
    [Local User Repository] - localhost: User not found.
    EAP-TLS: Authentication failure, unknown user" 

    ClearPass has an FQDN with a publicly signed SSL certificate (HTTPS) installed.
    ClearPass is the root CA for onboarding.

    During the onboarding process the client gets 3 certificates installed into the trusted root CA store and one user certificate into the personal certificate store.

    What am I doing wrong?

    In ClearPass, what source is used for authentication with onboard certificates? "Onboard Devices Repository" or "Local User Repository"?

    Any help is appreciated.
    Thanks
     


    ------------------------------
    Asela Abhayapala
    ------------------------------


  • 2.  RE: Onboarding with Google cloud identity - TLS issues
    Best Answer

    Posted Jun 03, 2021 02:15 PM
    Create an EAP-TLS method with authorization disabled and use it in the service. Then remove all authentication sources.

    ------------------------------
    Tim C
    ------------------------------



  • 3.  RE: Onboarding with Google cloud identity - TLS issues

    Posted Jun 03, 2021 06:43 PM
    Thanks for the reply, Tim. That works.
    Cheers

    ------------------------------
    Asela Abhayapala
    ------------------------------