what type of client it is? if

Akaffou Aristide Akaffou · ‎07-21-2014

Hi,

I have a ISE certifiacte issue when I try to authenticate wireless user with ISE. He show me this:

12321 PEAP failed SSL/TLS handshake because the client rejected the ISE local-certificate12321 PEAP failed SSL/TLS handshake because the client rejected the ISE local-certificate

Please can you help me?

Regards

Aristide

Saurav Lodh · ‎07-21-2014

what type of client it is? if windows , please opt out option < validate server certificate > from Wireless adapter properties

Akaffou Aristide Akaffou · ‎07-22-2014

Hi Salodh,

It is a Windows client.

nspasov · ‎07-21-2014

This pretty much means that the authenticating client is not trusting the certificate that is installed in ISE. That certificate is used to build the EAP tunnel that would be used to pass the PEAP credentials. So a couple of questions:

1. What certificate do you have installed in ISE for EAP?

2. What certificate is the supplicant set to trust

Thank you for rating helpful posts!

Akaffou Aristide Akaffou · ‎07-22-2014

Hi Neno,

I have installed the Windows server 2008R2 certificate, the supplicant is set tç trust to Root-CA certificate.

Regards,

Aristide

mohanak · ‎07-22-2014

Please check the link:

https://supportforums.cisco.com/discussion/11697966/cisco-ise-authentication-failed-because-client-reject-certificate

Venkatesh Attuluri · ‎06-18-2015

supplicant or client machine is not accepting the certificate from Cisco ISE. make sure cert is usage is selected for EAP, expiry date, checked default allowes protocols on ISE, validate server certificate is not selected.. set it to trust the ISE certificate . you can try to remove wireless network profile and recreate