I'm a bit puzzled on this one, and I don't even have a good hunch on this one.
I've got an internal-CA-signed server certificate. It includes the server certificate, the intermediate and the root chain on both ClearPass VMs (in a cluster).
While most people want to get rid of the "Windows cannot verify the server's identity" prompt, I'm at the point where I want to see it. Packet capture on ClearPass on a non-domain Windows laptop has data coming from the Aruba controller (no alert on the machine, just spins). If there are packets, I see the events in the Access Tracker.
My Mac OS X eventually popped up the RADIUS certificate, which I accepted. It authenticates with PEAP MSCHAPv2 just fine.
However, on smartphones and a domain-joined laptop (with a computer and user certificate installed), there is nothing that shows up in CPPM. No Access Tracker events, no RADIUS frames. I assume it is because the iPhone can't validate the certificate, but why don't I get a prompt? Is there a way to understand what is failing here?
TAC brushed it off, saying it was likely the controller. The controller is a 7205 on 8.3.0.5 code.