AAA, NAC, Guest Access & BYOD

Problem:

Email from Policy Manager and Guest failing with the error message "Could not convert socket to TLS". 

• Need to verify test email from Policy Manager > Administration > External Servers > Messaging Setup

• Verify Event Viewer (Policy Manager > Monitoring > Event Viewer) for the error message.
• Verify if the error message is "Could not convert socket to TLS".
• Need to verify Admin Debug logs for more clarity about the error message.

Procedure to enable Admin service in Debug and collect Logs:

• Navigate to Policy Manager > Administration > Server Manager > Log Configuration
• Select the server used for testing and Select Admin Service in Debug:

Note: Make sure to keep the Service in default Log Level after the testing.

• To collect the logs navigate to Administration > Server Manager > Server Configuration > Select the server and then click on “Collect Logs”.
• Select the below options and then click “Start”:

• Download the logs and extract the file.
• We need to verify admin logs (\PolicyManagerLogs\tips-admin\tipsAdmin.log.*).
• We can see the error message for the relevant timestamp of the test.
• Verify if the below error message:

 javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Failed to verify server certificate(s)

If we are getting certificate verfication failed then the the SMTP servers certificate chain not in the ClearPass trust list Or not enabled in the Trust list.

• We need to add the SMTP server certificate chain in the Trust list.
• To add the certificate navigate to Policy Manager > Administration > Certificates > Trust List > Add
• While importing the certificate Select appropriate category. For Ex. Others, SMTP etc.

If you have difficulties identify the certificate or if you still see the same error message, please contact TAC support to troubleshoot the issue further.