We run an EAP/TLS wireless network. As such, we have certificates which expire on a regular basis. There is a not very small population of users who never notice that their certificate expired.
I *do* see RADIUS failures in CPPM Access Tracker with the RADIUS alert of:
EAP-TLS: fatal alert by server - certificate_expired TLS Handshake failed in SSL_read with error:14089086:SSL routines:ssl3_get_client_certificate:certificate verify failed eap-tls: Error in establishing TLS session |
Is there any easy way to get a report on failed EAP-TLS transactions with a "certificate_expired" message from ClearPass?