Hey guys,
So I am testing a new deployment option with an Azure-based CPPM with Onboard + Intune SCEP extension. The solution has successfully deployed client certificates to my Windows devices.
I am manually configuring the WiFi and I have not been able to get the devices to authenticate. In theory, with EAP-TLS I do not need an authentication source, as I only want to trust the certificate. The next step will be adding Entra account validation, but I am still stuck on the basic authentication step.
Authentication fails with the following error:
EAP-TLS: fatal alert by server - unknown_ca
TLS Handshake failed in SSL_read with error:1417C086:SSL routines:tls_process_client_certificate:certificate verify failed
eap-tls: Error in establishing TLS session
The client is selecting the right cert, which was created by the Onboard CA and it also has the root cert as a Trusted CA.
The Onboard CA ROOT cert is in the CPPM trust list and is set to EAP and Others for the usage. I cannot figure out why it is reporting "unknown_ca". I have tried disabling "verify the server identity" on the client side, but that didn't change anything.
Service is using EAP-TLS authentication method with authorization disabled. CPPM is on version 6.12.2. Client does have a TPM chip, but the error seems unrelated.
Any ideas?
Thanks,
RK