Hi
The error message you get is the result when the client device doesn't trust the ClearPass RADIUS Root CA certificate for EAP. The client must first trust the root of the chain that issued the ClearPass RADIUS certificate; second, the client must have an 802.1X profile specifying the root CA as trusted for EAP; and some client operating systems also require you to specify the name in the certificate.
In your situation the client doesn't trust ClearPass and thus doesn't send the client certificate, and you will not see it in Access Tracker.
------------------------------
Best Regards
Jonas Hammarbäck
MVP Guru 2024, ACEX, ACDX #1600, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACSA
Aranya AB
If you find my answer useful, consider giving kudos and/or marking as solution
------------------------------
Original Message:
Sent: Feb 10, 2024 08:50 AM
From: Thorleik Lodinsson
Subject: EAP-TLS with JAMF PRO extension
Our organization wants to switch all of our Jamf managed devices over to using cert-based wireless authentication using EAP-TLS but I'm having a difficult time getting it to work.
I created a new service for EAP-TLS but when I see the attempt to connect in Access Tracker, I get the error "EAP-TLS: warning alert by client - close_notify
TLS Handshake failed in SSL_read with error:140940E5:SSL routines:ssl3_read_bytes:ssl handshake failure
eap-tls: Error in establishing TLS session"
I do not show the cert ever being presented to ClearPass in "Computed Attributes" like I saw in Herman's video. I can verify the cert is present in ClearPass and on the supplicant.
I'm not sure where I'm going wrong. Can anyone help??
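
The three client-side requirements listed in the reply at the top of this thread can be checked in the configuration profile before it is pushed. The following is an added example, not code from either poster or from Aruba or Jamf; it assumes the devices receive an Apple configuration profile with a Wi-Fi payload, and the profile, UUIDs, SSID and server name are constructed placeholders.

```python
import plistlib

# Constructed sample profile (not from the thread): a root CA payload and an
# EAP-TLS Wi-Fi payload that anchors to it. UUIDs and names are placeholders.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>PayloadContent</key><array>
 <dict>
  <key>PayloadType</key><string>com.apple.security.root</string>
  <key>PayloadUUID</key><string>ROOT-CA-UUID-PLACEHOLDER</string>
 </dict>
 <dict>
  <key>PayloadType</key><string>com.apple.wifi.managed</string>
  <key>SSID_STR</key><string>ExampleCorp</string>
  <key>PayloadCertificateUUID</key><string>CLIENT-ID-UUID-PLACEHOLDER</string>
  <key>EAPClientConfiguration</key><dict>
   <key>AcceptEAPTypes</key><array><integer>13</integer></array>
   <key>PayloadCertificateAnchorUUID</key><array><string>ROOT-CA-UUID-PLACEHOLDER</string></array>
   <key>TLSTrustedServerNames</key><array><string>clearpass.example.com</string></array>
  </dict>
 </dict>
</array></dict></plist>"""

def check_eap_tls_trust(profile_bytes):
    """Return findings for each EAP-TLS Wi-Fi payload; an empty list means OK."""
    payloads = plistlib.loads(profile_bytes).get("PayloadContent", [])
    cert_uuids = {p.get("PayloadUUID") for p in payloads
                  if p.get("PayloadType") in ("com.apple.security.root",
                                              "com.apple.security.pkcs1")}
    findings = []
    for p in payloads:
        eap = p.get("EAPClientConfiguration", {})
        if p.get("PayloadType") != "com.apple.wifi.managed" or 13 not in eap.get("AcceptEAPTypes", []):
            continue  # only EAP-TLS (EAP type 13) Wi-Fi payloads are checked
        ssid = p.get("SSID_STR", "?")
        anchors = eap.get("PayloadCertificateAnchorUUID", [])
        if not anchors:
            findings.append(f"{ssid}: no trusted root CA anchored for EAP")
        for a in anchors:
            if a not in cert_uuids:
                findings.append(f"{ssid}: anchor {a} has no certificate payload in profile")
        if not eap.get("TLSTrustedServerNames"):
            findings.append(f"{ssid}: no trusted server certificate name set")
        if not p.get("PayloadCertificateUUID"):
            findings.append(f"{ssid}: no client identity certificate referenced")
    return findings

if __name__ == "__main__":
    print(check_eap_tls_trust(SAMPLE_PROFILE) or "trust settings present")
```

An empty result only shows that the profile references a root CA, a server name and a client identity; whether that root actually issued the ClearPass RADIUS certificate still has to be confirmed against the server.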