Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
65893
Views
5
Helpful
15
Replies

ISE Problem: EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain

Go to solution
jrodriguez
Level 1
Level 1

‎05-24-2013 05:07 AM - edited ‎03-10-2019 08:27 PM

Hello, I´m stucked with this problem for 3 weeks now.

I´m not able to configure the EAP-TLS autentication.
In the "Certificate Store" of the ISE server I have Installed the Root, policy and the Issuing certificates as "trust for client authentication",and in the Local store I have a certificate issuing for the same issuing authority which sign the thw client ones.
The ISE´s certificate has been issued with the "server Authentication certificate" template.
The clients have installed the certificates  also the certificate chain.
When I try to authenticate the wireless clients I allways get the same error: "     Authentication failed : 12514 EAP-TLS failed SSL/TLS handshake because of an unknown CA in the client certificates chain"
and "OpenSSLErrorMessage=SSL alert
code=0x230=560 ; source=local ; type=fatal ; message="Unknown CA - error self-signed certificate in chain",OpenSSLErrorStack=  1208556432:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:2720"
I don´t know what else can I do.

Thank you
Jorge

7 people had this problem
Labels:
0 Helpful
15 Replies 15

Go to solution
aravikumar
Level 1
Level 1
In response to ajc

‎08-07-2019 10:29 AM

Hello,

 

Thanks for your response. we have a mdm onboarded iphone which is configured for EAP-TLS. we are getting this error even though the options you mentioned are enabled for CA. 

 

we are getting this error "EAP-TLS failed SSL/TLS handshake after a client alert"

 

Thanks,

 

Aravind.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents