I am trying to setup ClearPass OnBoarding for Windows laptops to push a wireless profile for 802.1x authentication via EAP-TLS. I configured a provisioning profile and the provisioning settings. The Windows laptop can connect to the OnBoarding page and the QuickConnect client is executed. It seems that the provisioning is successful, because I see new certificates in the user and computer certificate store and a wireless connection profile is available.
When I try to connect to the 802.1x secure wireless network, I receive the following error message in the CPPM Access Tracker: EAP-TLS: fatal alert by client - access_denied.
This error is caused by the Validate server certificate option within the wireless profile. I am using ClearPass as CA and the correct intermediate and root certificates are pushed to the client and are checked within the wireless network profile.
As soon as I manually disable the check to Validate server certificate, the Windows laptop connects without any problems. I guess the problem is located in the Trust configuration of the wired network configuration in ClearPass Guest. Is someone familiar with this problem?
Do you know how I can check this, so I know that I am 100% sure the chain is correct. I checked the certificate under OnBoard + Workspace - Initial Setup - Certificate Authorities (see attachment). They seem to be correct, because they are the default Aruba certificates.
The webserver certificate (a wildcard certificate) is also correct, because I can access the ClearPass website without a certificate warning.
He Admins, I have the same issue. What was the soltuion? I use a public wildcard cert from a public CA Thawte, but it is not trusted by Windows Clients.
At Aruba, we believe that the most dynamic customer experiences happen at the Edge. Our mission is to deliver innovative solutions that harness data at the Edge to drive powerful business outcomes.
© Copyright 2020 Hewlett Packard Enterprise Development LPAll Rights Reserved.