Security

Reply
Highlighted
Occasional Contributor II

EAP-PEAP Clearpass Error 215 Fatal Alert by Client

Hello,

 

I have an 802.1x SSID, secured with a Digicert Wildcard certificate.  My Apple iPhone can connect fine and is presented with the certificate to accept.  

 

An unmanaged Windows device however cannot connect, and below is what I see in access tracker:

 

EAP-PEAP: fatal alert by client - access_denied
TLS session reuse error

 

I know I can probably push the certificate for clearpass through Group Policy for managed machines, but it doesn't help me for BYOD.

 

halp!

Highlighted
Moderator

Re: EAP-PEAP Clearpass Error 215 Fatal Alert by Client

Do not use a wildcard as the EAP server certificate.

Acquire a standard, single domain name generic certificate for this use (ex: network-auth.domain.xyz, etc).



If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Highlighted
Occasional Contributor II

Re: EAP-PEAP Clearpass Error 215 Fatal Alert by Client

I bet that's why it works fine with iOS but not Windows.  

Highlighted
Moderator

Re: EAP-PEAP Clearpass Error 215 Fatal Alert by Client

Yes. For security reasons, Windows rejects a wildcard cert for EAP (which is a good thing).


If this response is more than 1 year old, it may no longer be accurate. Please consult official Aruba documentation, TAC or your Aruba SE.

| Aruba Alumni | @timcappalli | timcappalli.me |

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: