https://community.cisco.com/t5/wireless/peap-authentication-failed-during-ssl-handshake/m-p/211382#M18850 <HTML><HEAD></HEAD><BODY><P>Yes, I believe so. </P><P>I retrieved the root cert from CA and installed on the client machine to trust CA and CA-signed entity. is that what you are asking? When i go IE&gt;Tools&gt;Internet Option&gt;Contents&gt;Certificate&gt;Trusted Root Cert, I can see the CA that signed Server Cert for ACS.</P><P></P><P></P><P></P><P></P><P></P></BODY></HTML> Wed, 04 Aug 2004 20:00:16 GMT uggie 2004-08-04T20:00:16Z https://community.cisco.com/t5/wireless/peap-authentication-failed-during-ssl-handshake/m-p/211380#M18848 <P>it's killing me... my client is pressuring me big time for not being able to fix this issue!!! i might have to leave Cisco world if i dont fix this!</P><P></P><P>ok, i have the followings in my production; </P><P></P><P>AP1200 with 12.2(15)XR</P><P>ACS 3.3</P><P>MS CA server on the same box as ACS (win2000 sp3)</P><P>non-Cisco Card but CCXv2 (atheros supplicant)</P><P></P><P>LEAP works perrrrfect. but once switched to PEAP profile, i get this message "PEAP authentication failed during SSL handshake". I guess this is something to do with a cert. but I've gone thru CA installing procedure 1000 times already. no luck.</P><P></P><P>One thing i noticed before i got out of the office today, the ACS/CA box was on AA domain, and the user was BB domain. does it matter?? these domains may not trust each other or one-way trust... i don't have a clue right now.</P><P></P><P></P><P>One another thing, as i'm working on enterprise environment I wanted to accomplish to maintain a pretty good security level using PEAP with TKIP and some kinda key-management (wpa or cckm). and I noticed the following</P><P></P><P>even with LEAP,</P><P>* encryption mode tkip </P><P>* authentication key-management cckm</P><P></P><P>with the two options on, the client isn't even associating to the AP. </P><P></P><P>only combination that works is</P><P></P><P>* encryption mode tkip wep128</P><P>* authentication key-management cckm</P><P></P><P>or </P><P></P><P>* encryption mode tkip</P><P>* authentication key-management wpa</P><P></P><P>any clue?</P><P></P><P></P><P>many thanks in advance whoever share the life-saving knowledge!!!</P><P></P> Sun, 04 Jul 2021 16:51:53 GMT https://community.cisco.com/t5/wireless/peap-authentication-failed-during-ssl-handshake/m-p/211380#M18848 uggie 2021-07-04T16:51:53Z https://community.cisco.com/t5/wireless/peap-authentication-failed-during-ssl-handshake/m-p/211381#M18849 <HTML><HEAD></HEAD><BODY><P>Does your client system recognize the root certificate for your ACS's cert?</P></BODY></HTML> Wed, 04 Aug 2004 17:48:25 GMT https://community.cisco.com/t5/wireless/peap-authentication-failed-during-ssl-handshake/m-p/211381#M18849 gamccall 2004-08-04T17:48:25Z https://community.cisco.com/t5/wireless/peap-authentication-failed-during-ssl-handshake/m-p/211382#M18850 <HTML><HEAD></HEAD><BODY><P>Yes, I believe so. </P><P>I retrieved the root cert from CA and installed on the client machine to trust CA and CA-signed entity. is that what you are asking? When i go IE&gt;Tools&gt;Internet Option&gt;Contents&gt;Certificate&gt;Trusted Root Cert, I can see the CA that signed Server Cert for ACS.</P><P></P><P></P><P></P><P></P><P></P></BODY></HTML> Wed, 04 Aug 2004 20:00:16 GMT https://community.cisco.com/t5/wireless/peap-authentication-failed-during-ssl-handshake/m-p/211382#M18850 uggie 2004-08-04T20:00:16Z