Greetings,
I have what seems to be a peculiar issue. We run an Aruba ClearPass VM with two Aruba wireless controllers running in active/passive mode. We also have a good number of 720 APs that connect to these controllers.
We have several SSIDs, but the ones affected by this issue authenticate using 802.11x.
Last week I was made aware that the RADIUS and HTTP server certificates were expiring. These certificates were real ones issued by third-party CA Symantec. However, instead of renewing them, I was asked to replace the certificates with a wildcard certificate we've been using recently with other gear that needed it. The reason for moving to a wildcard certificate is an obvious one: it's cheaper to reuse instead of getting individual ones.
Ever since switching to the wildcard certificate, we have Windows wireless clients that can no longer connect. The error logged in ClearPass is the subject of this topic:
EAP-PEAP: fatal alert by client - access_denied TLS session reuse error
I tried manually installing the wildcard certificate on a test Windows laptop that is affected by this, but it doesn't work. I also went into Group Policy and enabled acceptance of third-party and trusted peer CAs to no avail.
Interestingly, I use an Android phone and it connects to the affected SSID without issue. So it seems Windows clients are probably by default not seeking the updated certificate or insist on using the previous, now-outdated certificate as it's the same FQDN hostname, but using a brand-new wildcard certificate instead.
Any ideas?
Thanks in advance