We were testing the “MDM onboarded mobile device connecting to 802.1x SSID” use case in our environment. The user certificate was pushed from MDM to the test mobile endpoint along with the 802.1x settings (EAP-TLS). While connecting the endpoint to the 802.1x configured SSID, the endpoint was unable to join the network and therefore it failed authentication. The reason is that ISE was not receiving the user certificate that was configured from the endpoint during the certificate exchange. We verified this with TAC by doing a packet capture on ISE. But the user certificate was installed on the endpoint and is signed by both the root CA and the intermediate CA. In this case the test endpoint is an iPhone. Is the iPhone rejecting the certificate presented by ISE?
Thank you for your response. By ISE cert, you mean exporting the system certificates (configured for EAP) and pushing them down to the iPhone along with the root and intermediate cert?