Security


Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).

Onboarding with Google cloud identity - TLS issues

  • 1.  Onboarding with Google cloud identity - TLS issues

    Posted Jun 03, 2021 02:48 AM
    Hi All, 

    I am trying to implement user device onboarding using Google Secure LDAP.
    The onboarding part is working and devices are getting a certificate from ClearPass. However, when a device tries to authenticate using the onboarded certificate, it fails.

    The first Windows 10 PC error on ClearPass was "TLS Handshake failed in SSL_read with error:140760FC:SSL routines:SSL23_GET_CLIENT_HELLO:unknown protocol eap-tls: Error in establishing TLS session"

    The Android device error on ClearPass was "[Endpoints Repository] - localhost: User not found.
    [Onboard Devices Repository] - localhost: User not found.
    [Local User Repository] - localhost: User not found.
    EAP-TLS: Authentication failure, unknown user"

    The second Windows 10 error on ClearPass was "[Endpoints Repository] - localhost: User not found.
    [Onboard Devices Repository] - localhost: User not found.
    [Local User Repository] - localhost: User not found.
    EAP-TLS: Authentication failure, unknown user" 

    ClearPass has an FQDN with a publicly signed SSL certificate (HTTPS) installed.
    ClearPass is the root CA for onboarding.

    During the onboarding process the client gets 3 certificates installed into the trusted root CA store and one user certificate into the personal certificate store.

    What am I doing wrong?

    In ClearPass, what source is used for authentication with onboard certificates? "Onboard Devices Repository" or "Local User Repository"?

    Any help is appreciated.
    Thanks
     


    ------------------------------
    Asela Abhayapala
    ------------------------------


  • 2.  RE: Onboarding with Google cloud identity - TLS issues
    Best Answer

    Posted Jun 03, 2021 02:15 PM
    Create an EAP-TLS method with authorization disabled and use it in the service. Then remove all authentication sources.

    ------------------------------
    Tim C
    ------------------------------



  • 3.  RE: Onboarding with Google cloud identity - TLS issues

    Posted Jun 03, 2021 06:43 PM
    Thanks for the reply, Tim. That works.
    Cheers

    ------------------------------
    Asela Abhayapala
    ------------------------------