02-08-2014 05:57 AM - edited 03-10-2019 09:22 PM
We are implementing wireless BYOD using Cisco ISE 1.2 and WLC 7.4x. We are using PEAP / MS-CHAP v2 for wireless security. We are able to on-board iOS, Adroid, and MAC OS endpoints using single SSID and Native supplicant provisiong seems to work fine with these endpoints. We are having issues with Windows clients. On Windows client, when the user selects the SSID, it is prompting for userid/password, but never gets a pop-up for server certificate. We are using a third party public wildcard certificate on ISE for HTTP/EAP authentication. On ISE, we are getting: 12511 Unexpectedly received TLS alert message; treating as a rejection by the client.
02-10-2014 09:41 AM
It seems you are running into an Internal bug where PEAP/TLS authentication fails on Windows when using a Wildcard Certificate. Other devices such as Android, MAC OS etc work fine. During testing, this was found to be an issue with blank CN. Does your certificate have a blank CN field as well?
Unfortunately the bug is not resolved yet, and still being worked on.
Thanks,
Aastha
*Please rate helpful posts*
02-11-2014 11:08 AM
12511 | EAP | Unexpectedly received TLS alert message; treating as a rejection by the client | While trying to negotiate a TLS handshake with the client, ISE received an unexpected TLS alert message. This might be due to the supplicant not trusting the ISE server certificate for some reason. ISE treated the unexpected message as a sign that the client rejected the tunnel establishment. | Warn |
07-31-2014 06:27 PM
<B>Symptom:</B> Some endpoint devices (Windows OS) have issues with wildcard cert when CN contains * (start) as wildcard the PEAP authentication fails due to "12511 Unexpectedly received TLS alert message; treating as a rejection by the client" <B>Conditions:</B> when the wildcard cert contains * (start) as wildcard in CN <B>Workaround:</B> create wildcard with * (start) e.g. CN= aaa.cisco.com
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide