Security

Our organization wants to switch all of our Jamf managed devices over to using cert based wireless authentication using eap-tls but I'm having a difficult time getting it to work. 

I created a new service for EAP-TLS but when I see the attempt to connect in Access Tracker, I get the error "EAP-TLS: warning alert by client - close_notify
TLS Handshake failed in SSL_read with error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
eap-tls: Error in establishing TLS session"

I do not show the cert ever being presented to clearpass in "Computed Atrributes" like I saw in Herman's video. I can verifiy the cert is present in clearpass and on the supplicant. 

I'm not sure where I'm going wrong. Can anyone help??

Hi

The error message you get are the result when the client device doesn't trust the ClearPass Radius Root CA certificate for EAP. The client must first trust the root of the chain that issued the ClearPass Radius certificate, second the client must have a 802.1x profile specifying the root CA as trusted for EAP and some client operating systems also require you to specify the name in the certificate.

In your situation the client don't trust ClearPass and thus don't send the client certificate and you will not see it in Access Tracker.

Our organization wants to switch all of our Jamf managed devices over to using cert based wireless authentication using eap-tls but I'm having a difficult time getting it to work. 

I created a new service for EAP-TLS but when I see the attempt to connect in Access Tracker, I get the error "EAP-TLS: warning alert by client - close_notify
TLS Handshake failed in SSL_read with error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
eap-tls: Error in establishing TLS session"

I do not show the cert ever being presented to clearpass in "Computed Atrributes" like I saw in Herman's video. I can verifiy the cert is present in clearpass and on the supplicant. 

I'm not sure where I'm going wrong. Can anyone help??

Our organization wants to switch all of our Jamf managed devices over to using cert based wireless authentication using eap-tls but I'm having a difficult time getting it to work. 

I created a new service for EAP-TLS but when I see the attempt to connect in Access Tracker, I get the error "EAP-TLS: warning alert by client - close_notify
TLS Handshake failed in SSL_read with error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
eap-tls: Error in establishing TLS session"

I do not show the cert ever being presented to clearpass in "Computed Atrributes" like I saw in Herman's video. I can verifiy the cert is present in clearpass and on the supplicant. 

I'm not sure where I'm going wrong. Can anyone help??

Hope this helps.  here is the Configuration profile payload of our EAP-TLS Wi-Fi in Jamf Pro.

1. I'm deploying the root certificate for our CA server.  The CA server not only assigns certificates to the clients, But I also used it to make a server certificate for Clearpass RADIUS.  So the clients only need the one root.
2. The Wi-Fi profile that establishes the trust with the SCEP server
3. The SCEP server so the client can request a certificate

Our organization wants to switch all of our Jamf managed devices over to using cert based wireless authentication using eap-tls but I'm having a difficult time getting it to work. 

I created a new service for EAP-TLS but when I see the attempt to connect in Access Tracker, I get the error "EAP-TLS: warning alert by client - close_notify
TLS Handshake failed in SSL_read with error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
eap-tls: Error in establishing TLS session"

I do not show the cert ever being presented to clearpass in "Computed Atrributes" like I saw in Herman's video. I can verifiy the cert is present in clearpass and on the supplicant. 

I'm not sure where I'm going wrong. Can anyone help??