Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
882
Views
0
Helpful
5
Replies

Cisco ISE SSL/TLS Authentication Failures

Sukru Erdal
Level 1
Level 1

‎08-19-2014 12:08 AM - edited ‎03-10-2019 09:57 PM

Domain Computer authentication (SSL/TLS not checked in computers) is being used in a network. Microsoft Windows 7 is the operating system of clients. In Cisco ISE SSL/TLS failure messages are noticed:

"PEAP failed SSL/TLS handshake because the client rejected the ISE local-certificate" Funny thing is no SSL/TLS is active in the network. How is this possible?

Labels:
0 Helpful
5 Replies 5

Sukru Erdal
Level 1
Level 1
In response to mohanak

‎08-19-2014 05:03 AM

Actually I've already checked this post. However, the client computer is not configured to validate server certificate.

0 Helpful

nspasov
Cisco Employee
Cisco Employee
In response to Sukru Erdal

‎08-21-2014 09:09 AM

Can you post screenshots of the supplicant's configuration?

0 Helpful

Stephen McBride
Level 1
Level 1

‎08-21-2014 03:13 PM

I have intermittently had this issue with ISE in most builds for the better part of a year or so. SOme days everyting is fine other days this occurs for hosts even when validate is not ticked. Tell me about the server certificate on the ISE policy node - is it a wildcard certificate?

0 Helpful

Saurav Lodh
Level 7
Level 7

‎08-21-2014 03:51 PM

what kind of Certificate ISE is using? self signed or 3rd party? I will suggest you to generate the ISE's Local certificate again.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents