New Contributor

EAP-TLS Unknown CA



We are using Instant APs, SSID auth is configured as .1x with CPPM.

On CPPM there is a Service with EAP-TLS.

Laptops which must use the SSID have machine certificates issued by Corporate CA.

We generated Server Certificate for CPPM and uploaded the Chain onto CPPM.

Authentication fails, we receive the following error:

EAP-TLS: fatal alert by server - unknown ca

error in establishing tls session


Please advise !

Guru Elite

Re: EAP-TLS Unknown CA

Make sure the root CA is installed on the client. 

Sent from Nine

| Tim Cappalli | Aruba Security | @timcappalli | |

NOTE: Answers and views expressed by me on this forum are my own and not necessarily the position of Aruba or Hewlett Packard Enterprise.
New Contributor

Re: EAP-TLS Unknown CA

it is

Trusted Contributor I

Re: EAP-TLS Unknown CA

check if you do termination on the IAP, you shouldn't.


also check if your client settings are correct for which CA should be trusted.

Search Airheads
Showing results for 
Search instead for 
Did you mean: