cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
3177
Views
0
Helpful
6
Replies

ISE certifiacte issue

Hi,

I have a ISE certifiacte issue when I try to authenticate wireless user with ISE. He show me this: 

12321 PEAP failed SSL/TLS handshake because the client rejected the ISE local-certificate12321 PEAP failed SSL/TLS handshake because the client rejected the ISE local-certificate

 

Please can you help me?

 

Regards

Aristide

6 Replies 6

Saurav Lodh
Level 7
Level 7

what type of client it is? if windows , please opt out option < validate server certificate > from Wireless adapter properties

Hi Salodh,

It is a Windows client.

nspasov
Cisco Employee
Cisco Employee

This pretty much means that the authenticating client is not trusting the certificate that is installed in ISE. That certificate is used to build the EAP tunnel that would be used to pass the PEAP credentials. So a couple of questions:

1. What certificate do you have installed in ISE for EAP?

2. What certificate is  the supplicant set to trust

Thank you for rating helpful posts!

Hi Neno,

I have installed the Windows server 2008R2 certificate, the supplicant is set tç trust to Root-CA certificate.

Regards,

Aristide

Venkatesh Attuluri
Cisco Employee
Cisco Employee


supplicant or client machine is not accepting the certificate from Cisco ISE. make sure cert is usage is selected for EAP, expiry date, checked default allowes protocols on ISE, validate server certificate is not selected.. set it to trust the  ISE certificate . you can try to remove wireless network profile and recreate

Review Cisco Networking for a $25 gift card