Yes I was. In my case we originally used GoDaddy cert for root CA. We then changed to another certificate provided by CSC Corporate Domains and provider was (from memory) AddTrust... Root CA certificate. They cross sign the root ca certificate which was Sha1 with another providers Sha2 certificate. Clearpass / windows OS requires a Sha2 CA directly / not to be cross signed. I woud think this is a rare situation. One year later when cert had expired I reverted back to much cheaper GoDaddy cert and all worked perfectly. So I believe this was the resolution and nothing to do with cached cert and changing the cert. back to original provider. Hope this helps.
Appreciate your response.
but in my cause we used internal CA for both case i.e sha1 and sha2
all machines are not connecting to wifi automatically via GPO. All forums are pointing towards radius but for us clearpass is the radius server.
. i have been breaking my head for 1 week and not getting anyhwere.
where should i check for cross signed cert?
TAC are not being that helpful as well.
Any other recommendation you have i can check
Did you look in the event viewer on the radius server to understand what the problem is?
Many, many organizations do this every day..
my radius server is the clearpass server.
should i still be checking?
Yes. What is the error in the access tracker?
the current issue is the machine no automatically connecting to clearpass.
i have to manually click connect.
on the client machine its pointing towards certificate thumbprint which doesnt exist anywhere.
clearpass happily accepts once i hit connect manually.
but this only started happening once we changed the cert on clearpass from SHA1 to SHA2 hence picking your brain
Does the client trust the new certificate?
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.