Hi,
I have been configuring ClearPass as a RADIUS server. We have used our own CA and Intune to deploy certs to users.
It works for both Windows and Mac; however, I see TLS errors sometimes with the username being passed rather than username@domain.com - then it will try a second time later with username@domain.com and be successful. I have no idea why it is doing this or if there is some sort of retry logic enabled. Below is a screenshot of what I mean, all for the same user:
Logs show:
RADIUS EAP-TLS: client certificate CN/SAN comparison failure
EAP-TLS: fatal alert by server - internal_error
TLS Handshake failed in SSL_read with error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
eap-tls: Error in establishing TLS session
And the detailed logs show:
2020-05-28 14:57:41,274 [Th 23 Req 795 SessId R0000008f-01-5ecfc354] ERROR RadiusServer.Radius - TLS Alert write:fatal:internal error
2020-05-28 14:57:41,274 [Th 23 Req 795 SessId R0000008f-01-5ecfc354] INFO RadiusServer.Radius - TLS_accept:error in error
2020-05-28 14:57:41,275 [Th 23 Req 795 SessId R0000008f-01-5ecfc354] ERROR RadiusServer.Radius - rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed
2020-05-28 14:57:41,275 [Th 23 Req 795 SessId R0000008f-01-5ecfc354] ERROR RadiusServer.Radius - rlm_eap_tls: TLS Handshake failed
Any help would be greatly appreciated.
Thanks