03-17-2025 02:08 AM
Hi team,
We've run into a strange problem we've never encountered before.
We have deployed machine certificates from a Microsoft CA which we use for 802.1X auth.
ISE system certificate for EAP auth is self-signed, and deployed as trusted on the client.
The client's issuer certificate is installed as trusted in ISE.
When testing out the authentication on the Windows client we get the following errors:
Event: 5400 Authentication failed
Failure Reason: 12508 EAP-TLS handshake failed
Resolution: Check whether the proper server certificate is installed and configured for EAP in the System Certificates page (Administration > System > Certificates > System Certificates). Also ensure that the certificate authority that signed this server certificate is correctly installed in the client's supplicant. Similarly, verify that the certificate authority that signed the client's certificate is correctly installed in the Trusted Certificates page (Administration > System > Certificates > Trusted Certificates). Check the previous steps in the log for this EAP-TLS conversation for a message indicating why the authentication failed. Check the OpenSSLErrorMessage and OpenSSLErrorStack for more information.
Root cause: EAP-TLS handshake failed.
OpenSSLErrorMessage: SSL alert: code=0x228=552 ; source=local ; type=fatal ; message="handshake failure.ssl/statem/statem_srvr.c:3787 error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate [error=337100999 lib=20 func=380 reason=199]"
OpenSSLErrorStack: 140691845297920:error:1417C0C7:SSL routines:tls_process_client_certificate:peer did not return a certificate:ssl/statem/statem_srvr.c:3787:
03-17-2025 06:50 AM
Hi and thanks for the help.
We found the issue and it was related to the certificate having weak hashing algorithm (SHA1). It wasn't easy to find since the logging didn't tell anything about it, but eventually we fixed it.
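Added example, not code from the thread or from Cisco: a PowerShell audit of the Windows client's machine store that covers the client-side checks listed in the resolution text (a valid machine certificate with a private key and the Client Authentication EKU, and the ISE EAP certificate present as trusted) together with the accepted answer's finding, a SHA1 signature somewhere in the certificate chain. The weak-algorithm OID list and the `$IseEapCertThumbprint` placeholder are assumptions; replace the placeholder with the real thumbprint.

```powershell
# Added example, not from the thread. Audits the client side of an EAP-TLS
# setup on a Windows 802.1X supplicant: every certificate in the machine store
# is checked for a private key, the Client Authentication EKU, validity, and a
# weak (SHA-1/MD5) signature anywhere in its chain. Run from an elevated prompt.

# Signature-algorithm OIDs treated as weak (assumed list, extend as needed).
$WeakSignatureOids = @{
    '1.2.840.113549.1.1.4' = 'md5RSA'
    '1.2.840.113549.1.1.5' = 'sha1RSA'
    '1.2.840.10040.4.3'    = 'sha1DSA'
    '1.2.840.10045.4.1'    = 'sha1ECDSA'
}
$ClientAuthOid = '1.3.6.1.5.5.7.3.2'   # id-kp-clientAuth

# Placeholder (assumption): thumbprint of the self-signed ISE EAP certificate
# that should be in the client's Trusted Root store. Replace with the real value.
$IseEapCertThumbprint = 'REPLACE_WITH_ISE_EAP_CERT_THUMBPRINT'

function Test-ClientAuthEku {
    # True when the certificate carries an EKU extension that includes clientAuth.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $eku = $Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    if (-not $eku) { return $false }   # no EKU extension at all
    return [bool]($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $ClientAuthOid })
}

function Get-WeakChainSignatures {
    # Builds the chain as this machine sees it and returns one line per element
    # whose signature algorithm is in the weak list. Revocation is skipped so an
    # unreachable CRL does not hide the signature result.
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $null = $chain.Build($Cert)
    $weak = foreach ($element in $chain.ChainElements) {
        $oid = $element.Certificate.SignatureAlgorithm.Value
        if ($WeakSignatureOids.ContainsKey($oid)) {
            '{0} ({1})' -f $element.Certificate.Subject, $WeakSignatureOids[$oid]
        }
    }
    $chain.Dispose()
    return @($weak)
}

$now = Get-Date
$report = Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $weak = Get-WeakChainSignatures -Cert $_
    [pscustomobject]@{
        Subject       = $_.Subject
        Issuer        = $_.Issuer
        ValidNow      = ($_.NotBefore -le $now -and $_.NotAfter -ge $now)
        HasPrivateKey = $_.HasPrivateKey
        ClientAuthEKU = Test-ClientAuthEku -Cert $_
        LeafSigAlg    = $_.SignatureAlgorithm.FriendlyName
        WeakInChain   = ($weak -join '; ')
        Thumbprint    = $_.Thumbprint
    }
}
$report | Format-Table -AutoSize

# "Usable" here means passing every check above, including the SHA-1 condition
# the accepted answer identified as the cause in this thread.
$usable = $report | Where-Object { $_.ValidNow -and $_.HasPrivateKey -and $_.ClientAuthEKU -and -not $_.WeakInChain }
if (-not $usable) { Write-Warning 'No machine certificate passes all EAP-TLS client checks.' }

# Server side of the trust: the self-signed ISE EAP certificate must be in the
# machine's Trusted Root store for the client to accept the server handshake.
if (-not (Get-ChildItem Cert:\LocalMachine\Root | Where-Object Thumbprint -eq $IseEapCertThumbprint)) {
    Write-Warning 'ISE EAP certificate not found in Cert:\LocalMachine\Root.'
}
```

The chain walk matters because the SHA1 signature may sit on the issuing CA certificate rather than on the machine certificate itself; the leaf's own `LeafSigAlg` column alone would not show that. A self-signed root reports its own signature algorithm too, so judge that element separately from intermediates and the leaf.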
03-17-2025 05:42 AM
@drr Check if the client has a valid machine certificate. If the certificate is there, ensure the supplicant is configured to use the correct certificate.