It will definitely check that it was signed by the Root CA and the public key must be inside the Trusted Certificate store with a check next to "Trust for authentication within ISE"
All devices would match against the policy that is why I mentioned a...
Brian,
There is a note listed below the continue options which reads "Authentications using EAP-TLS is not possible to continue processing when authentication fails or user is not found". Also your "NEVER" option is greyed out because you have selec...
Gaj,
Yes I'm very interested in what the fix was, you can email me at Rcoombz@me.com or share the fix on the thread. We are still having the issue so I'm banking on you. =)
Jan,
Sure there's certainly multiple workarounds for this. I would just suggesting something easy as it sounded like the user had 1.3 running. But I agree as well.
-Ryan
Netwerk - as a workaround, stand up a 1.3 server and generate your certs. Once signed, export your pub and pvk keys and import into 2.0. Obviously everything will need to match but it should work. If your using a wildcard it should be quick. If not...