Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1526
Views
0
Helpful
3
Replies

ISE Machine Cert Authentication Issue

fatalXerror
Level 5
Level 5

‎04-14-2021 01:50 AM

Hi Guys,

I have issue right now about EAP-TLS computer authentication, the ISE is rejecting the authentication and based on the ISE logs, 

 

"12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in theclient certificates chain"

 

I checked the certificate-chain of ISE and the certificate-chain of the endpoint, all matched but still the ISE is rejecting it and showing that failure reason.

 

Any idea how to resolve this?

 

Thank you.

0 Helpful
3 Replies 3

Marcelo Morais
VIP
VIP

‎04-14-2021 02:29 AM - edited ‎04-14-2021 02:30 AM

Hi @fatalXerror 

 please try to perform a manual Synchronization between the Nodes (Administration > System > Deployment) ... take a look at: CSCux69800 ISE 2.0 / EAP-TLS: unknown CA in the client certificates chain.

 Note: also take a look at an old bug: CSCtq31131 Sometimes need to delete some trust certs for the required certs to work (sometimes the Root and Intermediate CA are not properly imported into ISE and you must delete and re-add).

 

Hope this helps !!!

0 Helpful

fatalXerror
Level 5
Level 5
In response to Marcelo Morais

‎04-14-2021 03:13 AM

Hi, may i know how can I do a manual synchronization? Thanks

0 Helpful

Marcelo Morais
VIP
VIP
In response to fatalXerror

‎04-14-2021 05:34 AM

Hi,

 at Administration > System > Deployment > select a PSN > and click Syncup:

SYNC.png

 

Hope this helps !!!

0 Helpful
Customers Also Viewed These Support Documents