Who Me Too'd this topic

12508 EAP-TLS handshake failed

InfraISE2020
Level 1

Hi,

We upgraded from 2.7 to 3.0 and then, a few weeks ago, from 3.0 to 3.1 (for some AzureAD functionality that we require), but since the upgrade we are now seeing devices get rejected from the corporate network with the errors below:

Event 5400 Authentication failed
Failure Reason 12508 EAP-TLS handshake failed
Resolution Check whether the proper server certificate is installed and configured for EAP in the System Certificates page ( Administration > System > Certificates > System Certificates ). Also ensure that the certificate authority that signed this server certificate is correctly installed in client's supplicant. Similarly, verify that the certificate authority that signed the client's certificate is correctly installed in the Trusted Certificates page (Administration > System > Certificates > Trusted Certificates). Check the previous steps in the log for this EAP-TLS conversation for a message indicating why the authentication failed. Check the OpenSSLErrorMessage and OpenSSLErrorStack for more information.
Root cause EAP-TLS handshake failed.

OpenSSLErrorMessage SSL alert: code=0x233=563 ; source=local ; type=fatal ; message="decrypt error.ssl/statem/statem_lib.c:561 error:1417B07B:SSL routines:tls_process_cert_verify:bad signature [error=337096827 lib=20 func=379 reason=123]"
OpenSSLErrorStack 140056563922688:error:0407E086:rsa routines:RSA_verify_PKCS1_PSS_mgf1:last octet invalid:crypto/rsa/rsa_pss.c:88:

 

Has anyone come across this issue before? We have a ticket open with TAC, but it doesn't appear to be getting anywhere near being resolved... This is a major issue for us as users cannot authenticate.

Thanks in advance.
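
Added example (not part of the original post and not Cisco code): a small decoder for the OpenSSLErrorMessage and OpenSSLErrorStack fields quoted above, which splits the alert code into level and description and unpacks each OpenSSL error code into library, function and reason. It assumes the OpenSSL 1.1.x packed layout (8-bit lib, 12-bit func, 12-bit reason), which matches the lib/func/reason values printed in the log; the function names are hypothetical.

```python
import re

# Constructed sample: the two fields copied from the Event 5400 report above.
MESSAGE = ('SSL alert: code=0x233=563 ; source=local ; type=fatal ; '
           'message="decrypt error.ssl/statem/statem_lib.c:561 '
           'error:1417B07B:SSL routines:tls_process_cert_verify:bad signature '
           '[error=337096827 lib=20 func=379 reason=123]"')
STACK = ('140056563922688:error:0407E086:rsa routines:'
         'RSA_verify_PKCS1_PSS_mgf1:last octet invalid:crypto/rsa/rsa_pss.c:88:')

ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {20: "bad_record_mac", 40: "handshake_failure", 42: "bad_certificate",
                      46: "certificate_unknown", 48: "unknown_ca", 51: "decrypt_error"}
ERR_LIBS = {4: "RSA", 6: "EVP", 11: "X509", 13: "ASN1", 20: "SSL"}  # ERR_LIB_* numbers

ALERT_RE = re.compile(r"code=0x([0-9A-Fa-f]+)=(\d+)")
ERROR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]+):([^:]+):([^:\[]+)")

def decode_alert(code):
    """Split an OpenSSL alert value, (level << 8) | description, into names."""
    level, desc = code >> 8, code & 0xFF
    return (ALERT_LEVELS.get(level, f"level {level}"),
            ALERT_DESCRIPTIONS.get(desc, f"alert {desc}"))

def unpack_error(code):
    """Unpack an error code into (lib, func, reason); assumes OpenSSL 1.1.x layout."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def decode_failure(message, stack):
    """Return the decoded alert and every OpenSSL error found in both fields."""
    m = ALERT_RE.search(message)
    if m is None or int(m.group(1), 16) != int(m.group(2)):
        raise ValueError("alert code missing or hex/decimal forms disagree")
    errors = []
    for code, _, func_name, reason_text in ERROR_RE.findall(message + " " + stack):
        lib, func, reason = unpack_error(int(code, 16))
        errors.append({"code": code, "lib": ERR_LIBS.get(lib, f"lib {lib}"), "func": func,
                       "reason": reason, "where": func_name, "text": reason_text.strip()})
    return {"alert": decode_alert(int(m.group(2))), "errors": errors}

if __name__ == "__main__":
    result = decode_failure(MESSAGE, STACK)
    print("alert:", *result["alert"])
    for e in result["errors"]:
        print(e["code"], e["lib"], e["func"], e["reason"], e["where"], e["text"])
```

For the log in this post the decoder reports a fatal decrypt_error alert, an SSL-library error raised in tls_process_cert_verify and an RSA-library error raised in RSA_verify_PKCS1_PSS_mgf1, so the failing step is the RSA-PSS check of the signature in the client's CertificateVerify message.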

 
