Security

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Onboarding macbook air to EAP-TLS

  • 1.  Onboarding macbook air to EAP-TLS

    Posted Jan 29, 2014 09:41 AM

    Hey folks. Been running CPPM for 3 months or so, started on 6.1, up to 6.2.4 now. Never was able to test onboarding a MacBook Air device until I had a user attempt to today; iOS devices, Android, Windows devices all work fine. I see the MacBook device got a cert OK from my CPPM server, which is running as a Local CA and my corporate CA running as the Root CA. Though after registering the device and having the MacBook reconnect, I see it failing in Access Tracker.

    In the alert tab when it first attempts to reconnect I see this in the alerts tab:

     EAP-TLS: warning alert by client - close_notify

    In the logs I see:

    2014-01-29 08:28:38,477[Th 24 Req 187769 SessId R00002af6-03-52e90206] ERROR RadiusServer.Radius - TLS Alert read:warning:close notify
    2014-01-29 08:28:38,477[Th 24 Req 187769 SessId R00002af6-03-52e90206] ERROR RadiusServer.Radius - TLS_accept:failed in SSLv3 read client certificate A
    2014-01-29 08:28:38,477[Th 24 Req 187769 SessId R00002af6-03-52e90206] ERROR RadiusServer.Radius - rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure

    Anyone seen anything like this before?  
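
Added example, not part of the original post and not ClearPass code: a small Python parser for the three log lines quoted above. It groups lines by SessId and reports which side sent the TLS alert and at which handshake state the server stopped; reading `read` as "received from the peer" follows OpenSSL's info-callback wording and is an assumption about how this server logs alerts.

```python
import re
from collections import defaultdict

# Log lines exactly as quoted in the post above.
SAMPLE_LOG = """\
2014-01-29 08:28:38,477[Th 24 Req 187769 SessId R00002af6-03-52e90206] ERROR RadiusServer.Radius - TLS Alert read:warning:close notify
2014-01-29 08:28:38,477[Th 24 Req 187769 SessId R00002af6-03-52e90206] ERROR RadiusServer.Radius - TLS_accept:failed in SSLv3 read client certificate A
2014-01-29 08:28:38,477[Th 24 Req 187769 SessId R00002af6-03-52e90206] ERROR RadiusServer.Radius - rlm_eap_tls: SSL_read failed in a system call (-1), TLS session fails. error:140940E5:SSL routines:SSL3_READ_BYTES:ssl handshake failure
"""

# Line layout inferred from the sample: timestamp[Th N Req N SessId ID] LEVEL source - message
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3})"
    r"\[Th (?P<thread>\d+) Req (?P<req>\d+) SessId (?P<sess>\S+)\] "
    r"(?P<level>\w+) (?P<src>\S+) - (?P<msg>.*)$")
ALERT_RE = re.compile(r"TLS Alert (?P<dir>read|write):(?P<sev>\w+):(?P<desc>.+)")
STATE_RE = re.compile(r"TLS_accept:failed in (?P<state>.+)")
ERR_RE = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):(?P<reason>.+)")


def summarize(log_text):
    """Group lines by SessId; extract alert sender, failed handshake state, OpenSSL error."""
    sessions = defaultdict(
        lambda: {"alerts": [], "failed_state": None, "openssl_error": None})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a RADIUS server log line in the expected layout
        s, msg = sessions[m["sess"]], m["msg"]
        if a := ALERT_RE.search(msg):
            # Assumption: "read" = alert received from the supplicant,
            # "write" = alert sent by the RADIUS server.
            sender = "client" if a["dir"] == "read" else "server"
            s["alerts"].append((sender, a["sev"], a["desc"].strip()))
        if st := STATE_RE.search(msg):
            s["failed_state"] = st["state"].strip()
        if e := ERR_RE.search(msg):
            s["openssl_error"] = (e["code"], e["reason"].strip())
    return dict(sessions)


if __name__ == "__main__":
    for sess, info in summarize(SAMPLE_LOG).items():
        print(sess, info)
```

For the quoted lines, the summary shows a single session in which the client sent a warning-level close notify while the server was in the "read client certificate" state, which matches the "warning alert by client" entry in the alerts tab.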



  • 2.  RE: Onboarding macbook air to EAP-TLS

    EMPLOYEE
    Posted Jan 30, 2014 12:19 PM

    Did you install the root certificate?



  • 3.  RE: Onboarding macbook air to EAP-TLS

    Posted Jan 31, 2014 02:53 PM

    Pardon my lack of familiarity with MacBooks and OS X, where would I check this on the client?

    Unless you're asking about the CPPM server itself, which definitely has the root cert installed on the server.



  • 4.  RE: Onboarding macbook air to EAP-TLS

    EMPLOYEE
    Posted Jan 31, 2014 02:55 PM

    Check in "Keychain Access" found in Applications > Utilities.



  • 5.  RE: Onboarding macbook air to EAP-TLS

    Posted Feb 03, 2014 04:37 PM

    Client has the root cert installed on their machine. Like I mentioned, I see the cert that was generated on the CPPM onboarding database of registered devices/certificates.

    Appreciate the thoughts, any other ideas of what to check?

    Thanks.



  • 6.  RE: Onboarding macbook air to EAP-TLS

    EMPLOYEE
    Posted Feb 03, 2014 05:07 PM

    Are you using https:? If so, is the server certificate on CPPM public?



  • 7.  RE: Onboarding macbook air to EAP-TLS

    Posted Feb 05, 2014 03:59 PM

    We're using http.