Security

last person joined: 6 hours ago 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

Onboarding iOS devices: Error in establishing TLS session, error 215

This thread has been viewed 0 times
  • 1.  Onboarding iOS devices: Error in establishing TLS session, error 215

    Posted May 18, 2018 08:35 AM

    Hi,

    my customer is having problems with iOS device onboarding. The provisioning process works fine but the EAP-TLS authentication after that does not. Clearpass is the root CA. Windows machines works fine. Clearpass version is 6.6.10.35654.

     

    What could cause the problem? Please let me know if you need more information. Thanks!

    identity.pngrequest-details.pngmethod-details.pngocsp-url.png



  • 2.  RE: Onboarding iOS devices: Error in establishing TLS session, error 215

    Posted May 20, 2018 12:13 AM

    Can you show the information about your Radius server certificate? Is it self-signed or signed by a CA?



  • 3.  RE: Onboarding iOS devices: Error in establishing TLS session, error 215

    Posted May 23, 2018 02:47 AM

    Hi,

    it's self-signed. I don't have access to the CP at the moment but everything is default (2048 bit encryption etc).



  • 4.  RE: Onboarding iOS devices: Error in establishing TLS session, error 215

    Posted May 24, 2018 11:00 AM

    I think the self-signed cert is the problem here. You should get your Radius cert signed by the onboard CA and try again.



  • 5.  RE: Onboarding iOS devices: Error in establishing TLS session, error 215

    Posted May 24, 2018 03:10 PM

    unless you have redirect, your OCSP path in this last screenshot is a http:  not "s"  

     

    maybe this is the issue?



  • 6.  RE: Onboarding iOS devices: Error in establishing TLS session, error 215

    Posted May 24, 2018 03:13 PM

    I would work with your Aruba partner. There are major configuration issues here.

     

    RE: OCSP, the check is done over HTTP, not TLS.



  • 7.  RE: Onboarding iOS devices: Error in establishing TLS session, error 215

    Posted May 25, 2018 04:47 AM

    The problem is I am the Aruba partner. Of course contacting tac is always an option. Major configuration issues where? Earlier this has been working like a charm and I really don't know what broke it.



  • 8.  RE: Onboarding iOS devices: Error in establishing TLS session, error 215

    Posted Jul 16, 2018 05:59 PM

    Did you find a solution to this? I am just deploying a network and can't get chrome devices to join with the same error. I am inclined to believe it was a change in chrome os. How to satisfy it though?