04-14-2021 01:50 AM
Hi Guys,
I have issue right now about EAP-TLS computer authentication, the ISE is rejecting the authentication and based on the ISE logs,
"12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in theclient certificates chain"
I checked the certificate-chain of ISE and the certificate-chain of the endpoint, all matched but still the ISE is rejecting it and showing that failure reason.
Any idea how to resolve this?
Thank you.
04-14-2021 02:29 AM - edited 04-14-2021 02:30 AM
Hi @fatalXerror
please try to perform a manual Synchronization between the Nodes (Administration > System > Deployment) ... take a look at: CSCux69800 ISE 2.0 / EAP-TLS: unknown CA in the client certificates chain.
Note: also take a look at an old bug: CSCtq31131 Sometimes need to delete some trust certs for the required certs to work (sometimes the Root and Intermediate CA are not properly imported into ISE and you must delete and re-add).
Hope this helps !!!
04-14-2021 03:13 AM
Hi, may i know how can I do a manual synchronization? Thanks
04-14-2021 05:34 AM
Hi,
at Administration > System > Deployment > select a PSN > and click Syncup:
Hope this helps !!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide