01-05-2017 09:36 PM - edited 03-11-2019 12:20 AM
Hi,
I have deployed ISE version 2.0.0.306 nodelist.version.label.patch in which we are receiving one error related to one node as:
12321 PEAP failed SSL/TLS handshake because the client rejected the ISE local-certificate
So please suggest what is the way out for it.
Sudhir
01-06-2017 04:49 AM
What supplicant are you using for your PEAP session? Windows Native or AnyConnect? You would have to uncheck the validate server certificate option on both if the ISE is presenting a self-signed cert or a certificate not trusted by the client. If only one client is receiving this message and everyone else works ok, I would check the client certificate store to see if the CA cert of the CA issuing the ISE cert is present in the "Trusted Root Certificate Authority" Store.
01-09-2017 10:03 PM
Rahul, first of all, thanks for your comments.
We are using Windows native, as we have around 350 Windows machines, but 3-4 machines are giving this kind of error, so let me check the certificates of those nodes.
But one confusion: how will I come to know whether the ISE cert is present or not?
01-10-2017 12:06 AM
Sudhir, if you are using IE, then go to Internet Options->Content->Certificates->Trusted Root Certificate Authority and look for the certificate issued by ISE.
01-10-2017 05:03 AM
You can look for user certificates as Ravi mentioned above. I would also look at the following for local machine certificate store:
1) Open Run and type "mmc". This will open Microsoft Management Console.
2) File > Add/Remove Snap-in.
3) Choose certificates > Choose local computer account.
4) Check for ISE EAP cert under trusted root Authorities of computer account.
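The same check can be scripted on one of the affected machines. The following is an added example, not code from any poster in this thread: it assumes the ISE EAP server certificate has been exported to a file (the path `C:\Temp\ise-eap.cer` is hypothetical) and reports whether the client can build a trusted chain for it and which Trusted Root store, if any, holds the top of that chain.

```powershell
# Added example: does this client trust the chain of the ISE EAP certificate?
# Assumption: the ISE EAP server certificate was exported to the file below.
param(
    [string]$IseCertPath = 'C:\Temp\ise-eap.cer'   # hypothetical export location
)

$x509 = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$x509.X509Certificate2" $IseCertPath

# $true = build against the local computer stores (the ones the mmc snap-in shows).
$chain = New-Object "$x509.X509Chain" $true
# Revocation is skipped so the result reflects trust and validity dates only.
$chain.ChainPolicy.RevocationMode = 'NoCheck'
$trusted = $chain.Build($cert)

"Subject : $($cert.Subject)"
"Issuer  : $($cert.Issuer)"
"Valid   : $($cert.NotBefore) to $($cert.NotAfter)"
"Chain trusted by this machine: $trusted"

# List the chain and look for its top element in both Trusted Root stores.
$elements = $chain.ChainElements
foreach ($e in $elements) { "  chain element: $($e.Certificate.Subject)" }
$top = $elements[$elements.Count - 1].Certificate
foreach ($store in 'Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root') {
    $hit = Get-ChildItem $store | Where-Object { $_.Thumbprint -eq $top.Thumbprint }
    "  $store contains '$($top.Subject)': $([bool]$hit)"
}

# Status entries explain a failure (for example UntrustedRoot, PartialChain, NotTimeValid).
foreach ($s in $chain.ChainStatus) {
    "  status: $($s.Status) - $($s.StatusInformation.Trim())"
}
```

Comparing the output from a working machine and a failing one shows whether the difference is a missing root or intermediate CA certificate or an expired one.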