Good morning,
We have been having a terribly difficult time trying to authenticate a Red Hat Linux laptop with the ClearPass appliance.
It appears that in order to authenticate certificates, one must use TLS for certificate authentication.
Based upon the attachment (please see attachment), it is requesting two certificate fields:
- User certificate
- CA certificate <-- is this an internal root certificate? Isn't that dangerous putting the entire agency's root certificate on a measly laptop?????
Also, not sure why it is also asking for an "identity" in one of the fields as well. Please see attachment.
Just to confirm, does the Red Hat laptop require an internal root certificate as well as the client certificate together to work? In the Microsoft world, only a client certificate is needed and it authenticates to the internal root certificate on the AD server.
I'm a little bit concerned that an internal root certificate is required to be installed on a laptop... I believe the internal root certificate is an extremely sensitive certificate that shouldn't be installed on a laptop where it can be stolen or used for nefarious purposes.
Why is Red Hat requiring both certificates?
In addition, I am also seeing the error:
EAP-PEAP: fatal alert by client - unknown_ca TLS Handshake failed in SSL_read with error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca eap-tls: Error in establishing TLS session.
It's been extremely difficult getting or finding any type of information on how Red Hat can authenticate with Linux. Any recommendations or assistance would be enormously appreciated on getting this to work!!!
I've been seeing lots of inquiries and issues with Linux working with ClearPass. Please help. Thanks.
Regards,
Wes
------------------------------
Wes Chang
------------------------------
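
Added example, not part of the original post: the error line quoted above can be decoded to see which side of the handshake rejected which certificate. The Python below assumes the pre-3.0 OpenSSL packed error-code layout (8-bit library, 12-bit function, 12-bit reason) and that the log names the alert sender the way the quoted line does; the function names are hypothetical.

```python
import re

# TLS alert descriptions tied to certificate validation (RFC 5246, section 7.2).
TLS_ALERTS = {
    42: "bad_certificate",
    43: "unsupported_certificate",
    44: "certificate_revoked",
    45: "certificate_expired",
    46: "certificate_unknown",
    48: "unknown_ca",
}
ERR_LIB_SSL = 20             # OpenSSL library number for libssl
SSL_AD_REASON_OFFSET = 1000  # reasons >= 1000 mean "alert received from the peer"

# The error line exactly as quoted in the post.
SAMPLE = ("EAP-PEAP: fatal alert by client - unknown_ca TLS Handshake failed in "
          "SSL_read with error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert "
          "unknown ca eap-tls: Error in establishing TLS session.")

def decode_openssl_error(line):
    """Unpack the 8-hex-digit OpenSSL error code found in a log line."""
    m = re.search(r"error:([0-9A-Fa-f]{8}):", line)
    if not m:
        return None
    code = int(m.group(1), 16)
    info = {"lib": code >> 24, "func": (code >> 12) & 0xFFF,
            "reason": code & 0xFFF, "alert": None, "sender": None}
    if info["lib"] == ERR_LIB_SSL and info["reason"] >= SSL_AD_REASON_OFFSET:
        number = info["reason"] - SSL_AD_REASON_OFFSET
        info["alert"] = TLS_ALERTS.get(number, f"alert_{number}")
    # Assumption: the log states the sender as "fatal alert by <side>".
    s = re.search(r"fatal alert by (\w+)", line)
    if s:
        info["sender"] = s.group(1)
    return info

def diagnose(line):
    """Turn the decoded alert into the trust relationship that failed."""
    info = decode_openssl_error(line)
    if info is None or info["alert"] is None:
        return "no TLS alert found in line"
    if info["alert"] == "unknown_ca" and info["sender"] == "client":
        return "client does not trust the CA that issued the server certificate"
    if info["alert"] == "unknown_ca":
        return "alert sender does not trust the CA that issued the peer certificate"
    return f"{info['sender']} sent TLS alert {info['alert']}"

if __name__ == "__main__":
    print(decode_openssl_error(SAMPLE))
    print(diagnose(SAMPLE))
```

For the quoted line this reports alert 48 (unknown_ca) sent by the client, meaning the laptop's supplicant could not chain the server certificate presented by the ClearPass appliance to a CA it trusts.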