https://community.cisco.com/t5/network-access-control/untrusted-certificate-when-performing-peap-authentication/m-p/3500780#M519380 <HTML><HEAD></HEAD><BODY><P>Hi there, thank you for the response, we are experiencing this issue on different clients, mostly Apple devices but have also experienced it on some Windows 7 PC's. Android devices are not affected.</P></BODY></HTML> Tue, 05 Dec 2017 07:20:45 GMT cgarthvdb 2017-12-05T07:20:45Z https://community.cisco.com/t5/network-access-control/untrusted-certificate-when-performing-peap-authentication/m-p/3500777#M519375 <HTML><HEAD></HEAD><BODY><P>Hi All,</P><P></P><P>I have an ISE deployment and we generated a MultiUse CSR and signed it using Comodo Public CA, the certificate works 100% when accessing the Portals (CWA) Admin etc however when authenticating a wireless client using PEAP some clients report a certificate trust error.</P><P></P><P>Has anyone experienced the same issue or know of a solution to this?</P><P></P><P>Regards</P><P>Garth</P></BODY></HTML> Mon, 04 Dec 2017 10:49:16 GMT https://community.cisco.com/t5/network-access-control/untrusted-certificate-when-performing-peap-authentication/m-p/3500777#M519375 cgarthvdb 2017-12-04T10:49:16Z https://community.cisco.com/t5/network-access-control/untrusted-certificate-when-performing-peap-authentication/m-p/3500778#M519376 <HTML><HEAD></HEAD><BODY><P>What clients? For ios devices you will need to manually trust the certificate upon initial connection even though it’s a valid certificate.</P><P></P><P>https://www.google.com/search?ei=UHYlWrKIL4W5ggfPnZrwDQ&amp;q=ios<EM>manual</EM>trust<EM>cert</EM>peap&amp;oq=ios<EM>manual</EM>trust<EM>cert</EM>peap&amp;gs_l=psy-ab.3..33i160k1l2.34357.35016.0.35204.5.5.0.0.0.0.137.475.1j3.4.0....0...1.1.64.psy-ab..1.4.475...33i22i29i30k1.0.RbyEieLab0Q</P></BODY></HTML> Mon, 04 Dec 2017 16:23:57 GMT https://community.cisco.com/t5/network-access-control/untrusted-certificate-when-performing-peap-authentication/m-p/3500778#M519376 Jason Kunst 2017-12-04T16:23:57Z https://community.cisco.com/t5/network-access-control/untrusted-certificate-when-performing-peap-authentication/m-p/3500779#M519378 <HTML><HEAD></HEAD><BODY><P>As Jason said, this is expected on many client operating systems. On Apple iOS, for example, it shows the certificate of ISE EAP server as "Not Verified" while using an ad-hoc Wi-Fi WPA2 enterprise connections. <A href="http://training.apple.com/pdf/WP_8021X_Authentication.pdf" title="http://training.apple.com/pdf/WP_8021X_Authentication.pdf">http://training.apple.com/pdf/WP_8021X_Authentication.pdf</A> says,</P><BLOCKQUOTE><TABLE border="1"><TBODY><TR><TD> <P>... <SPAN style="font-family: MyriadSet; font-size: 10pt; background-color: #ffffff;">The first time the user joins a device to an 802.1X-protected network, the device will prompt the user to trust the server’s certificate. </SPAN></P> </TD></TR></TBODY></TABLE></BLOCKQUOTE><DIV class="section" style="background-color: rgb(100.000000%, 100.000000%, 100.000000%);"><DIV class="column"><P></P></DIV></DIV><P>In order to make the certificate trusted, it needs included as part of a configuration profile installed via ISE BYOD, Apple Configurator 2, or a 3rd-party MDM.</P></BODY></HTML> Tue, 05 Dec 2017 03:49:34 GMT https://community.cisco.com/t5/network-access-control/untrusted-certificate-when-performing-peap-authentication/m-p/3500779#M519378 hslai 2017-12-05T03:49:34Z https://community.cisco.com/t5/network-access-control/untrusted-certificate-when-performing-peap-authentication/m-p/3500780#M519380 <HTML><HEAD></HEAD><BODY><P>Hi there, thank you for the response, we are experiencing this issue on different clients, mostly Apple devices but have also experienced it on some Windows 7 PC's. Android devices are not affected.</P></BODY></HTML> Tue, 05 Dec 2017 07:20:45 GMT https://community.cisco.com/t5/network-access-control/untrusted-certificate-when-performing-peap-authentication/m-p/3500780#M519380 cgarthvdb 2017-12-05T07:20:45Z https://community.cisco.com/t5/network-access-control/untrusted-certificate-when-performing-peap-authentication/m-p/3500781#M519382 <HTML><HEAD></HEAD><BODY><P>Thank you, unfortunately it is not only apple iOS devices, we are having the same issue on some corporate windows PC's.</P><P>This is very strange, I have logged a TAC with Cisco and am awaiting feedback.</P></BODY></HTML> Tue, 05 Dec 2017 07:22:45 GMT https://community.cisco.com/t5/network-access-control/untrusted-certificate-when-performing-peap-authentication/m-p/3500781#M519382 cgarthvdb 2017-12-05T07:22:45Z https://community.cisco.com/t5/network-access-control/untrusted-certificate-when-performing-peap-authentication/m-p/3500782#M519383 <HTML><HEAD></HEAD><BODY><P><A href="http://techgenix.com/discovering-advanced-client-settings-8021x/" title="http://techgenix.com/discovering-advanced-client-settings-8021x/">Discovering the Advanced Client Settings of 802.1X - TechGenix</A></P><P> might help.</P><P></P><P>The native supplicant on Windows client OS by default validates the server certificate of EAP servers and also often prompts to confirm the authenticating EAP server associated with the expected Wi-Fi network ID.</P></BODY></HTML> Tue, 05 Dec 2017 09:02:55 GMT https://community.cisco.com/t5/network-access-control/untrusted-certificate-when-performing-peap-authentication/m-p/3500782#M519383 hslai 2017-12-05T09:02:55Z