Hi.
I'm trying to implement ClearPass with 3 different ADs with EAP-TLS.
All are running PKI and have users/computers. Computers from all 3 different ADs should be able to authenticate using the same CP.
The AD servers are:
AD1.TEST.COM
AD2.TEST.COM
AD3.TEST.COM
I have created a certificate for ClearPass in AD1.TEST.COM.
I imported all the AD servers' root certs into the trusted list on ClearPass.
A client that belongs to AD2.TEST.COM has its 802.1x settings set correctly for EAP-TLS and has the machine cert and root cert from AD2.TEST.COM installed. I have modified EAP-TLS so that there is no certificate comparison and no Authorization Required.
It doesn't work; the error message is:
RADIUS EAP-TLS: fatal alert by server - unknown_ca
TLS Handshake failed in SSL_read with error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
eap-tls: Error in establishing TLS session
What is the right way to do it?
Thank you for your help.
Best regards.
Joakim