Security

Reply
Occasional Contributor II

EAP-PEAP Clearpass Error 215 Fatal Alert by Client

Hello,

 

I have an 802.1x SSID, secured with a Digicert Wildcard certificate.  My Apple iPhone can connect fine and is presented with the certificate to accept.  

 

An unmanaged Windows device however cannot connect, and below is what I see in access tracker:

 

EAP-PEAP: fatal alert by client - access_denied
TLS session reuse error

 

I know I can probably push the certificate for clearpass through Group Policy for managed machines, but it doesn't help me for BYOD.

 

halp!

Guru Elite

Re: EAP-PEAP Clearpass Error 215 Fatal Alert by Client

Do not use a wildcard as the EAP server certificate.

Acquire a standard, single domain name generic certificate for this use (ex: network-auth.domain.xyz, etc).


| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Occasional Contributor II

Re: EAP-PEAP Clearpass Error 215 Fatal Alert by Client

I bet that's why it works fine with iOS but not Windows.  

Guru Elite

Re: EAP-PEAP Clearpass Error 215 Fatal Alert by Client

Yes. For security reasons, Windows rejects a wildcard cert for EAP (which is a good thing).

| Tim Cappalli | Aruba Security | @timcappalli | timcappalli.me |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: