
EAP-TLS or PEAP authentication failed during SSL handshake. !!???

somebody314
Level 1

I get an error when I want to authenticate a user who is using a smart card to log into a Win 2003 VPN server which uses Cisco Secure ACS 4.0 as the AAA server.

When I use a password there is no problem, but when using a smart card I see this error! In the CSAuth.Log file this error message is shown: "bad record mac". Could anyone please help me with this error message?

2 Replies

Jagdeep Gambhir
Level 10

Hi,

"EAP-TLS or PEAP authentication failed during SSL handshake"

1. Certificate corruption, so you can try to reinstall the certificates.

2. No root CA certificate installed on the client and "Validate Server Certificate" is enabled on the client.

Make sure you have certs installed properly.

Regards,

~JG

Hi,

Thanks for your help. I re-installed the root certificate on the ACS machine and the client, and unchecked server certificate validation in the client-side connection options, but the problem is still not solved.

I think that the certificate on the smart card might have some wrong properties. Here I have listed the key properties of the certificate on my smart card. Do you see anything wrong here?

Enhanced Key Usage= Client Authentication, Smart Card Logon

Key Usage= Digital Signature, Non-Repudiation, Key Encipherment, Data Encipherment

A yellow exclamation mark is shown on the key usage icon, which means the key usage field is critical.

Thanks