cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
 
Register for the monthly ISE Webinars to learn about ISE configuration and deployment.
Choose one of the topics below to view our ISE Resources to help you on your journey with ISE

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

2224
Views
6
Helpful
3
Replies
Highlighted
Beginner

Android : unable to download profile.( ssl peer verification failed )

Hello ISE experts

I'm facing different kind of issue with the BYOD On Boarding for Android devices

Background: I am trying to setup WI-FI Test lab setup with Dual SSID for Mobile On-boarding and Provisioning. When Tried to registering Android Mobile phone on On boarding WLAN, Authentication and registration works successfully. But after when try to download certificate from Cisco Network assistant App. It gives quite different error ( image attached) " unable to download profile.( ssl peer verification failed )" Please advise..!

WLC - 8.0.133 ( Internal and Anchor WLC)

ISE - 1.3 Patch 1,2 & 5 ( ISE Admin in Internal Network & in ISE -PSN in DMZ)

Window 2012 AD server integrated with ISE-PSN in DMZ

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Android : unable to download profile.( ssl peer verification failed )

The error implies the NSA for Android unable to establish a good connection to the ISE PSN and likely due to some certificate exchange issue.

First of all, please get the client debug log "spw.log", which is usually located on Android /sdcards/downloads/spw.log, and check for the detail error in it. Secondly, you may perform a packet capture between the endpoint and ISE PSN and use Wireshark or the like to check the SSL exchanges. SSL - The Wireshark Wiki has info how to do it with Wireshark.

Please note that Cisco Identity Services Engine Software Version 1.3 - Cisco has reached the end of the SW maintenance so I would urge you to upgrade to a later release.

3 REPLIES 3
Cisco Employee

Re: Android : unable to download profile.( ssl peer verification failed )

The error implies the NSA for Android unable to establish a good connection to the ISE PSN and likely due to some certificate exchange issue.

First of all, please get the client debug log "spw.log", which is usually located on Android /sdcards/downloads/spw.log, and check for the detail error in it. Secondly, you may perform a packet capture between the endpoint and ISE PSN and use Wireshark or the like to check the SSL exchanges. SSL - The Wireshark Wiki has info how to do it with Wireshark.

Please note that Cisco Identity Services Engine Software Version 1.3 - Cisco has reached the end of the SW maintenance so I would urge you to upgrade to a later release.

Beginner

Re: Android : unable to download profile.( ssl peer verification failed )

Many thanks hslai, That error has gone after replacing ISE-PSN IP address with Hostname FQDN in Byod Portal.

But now I am getting new kind of error

IMG-20180226-WA0005.jpg

Beginner

Re: Android : unable to download profile.( ssl peer verification failed )

My Issue resolved after following checks. Thanks

- Imported Apex & Plus license in ISE provided by Cisco Tac

- Enabled Profiler feed update and posture database update in ISE settings

- Enabled Proxy settings on ISE to allow get update from Cisco site