FIPS mode won't do anything useful, if you try to authenticate your 7925 using EAP-TLS.Let me try to explain:When using EAP-TLS, the client (7925 in this case) has to trust your authentication server ca (your ISE) and otherwise. To accomplish this, y...

yes, CiscoRootCA is fine.But your ISE certificates must be SHA-1 as well.

Hi Jatin Katyal,yes, the ISE suppports SHA-256, but the Phones don't. That's why the log says "12815  Extracted TLS Alert message" and "The request sent by the client was syntactically incorrect" and "12521 EAP-TLS failed SSL/TLS handshake after a cl...

Hi everybody,what signature algorithm does your ISE certificate (and the chained certificates as well) use?My certificate in my lab uses sha1. -> no access problem.A customers's ISE uses sha256. -> problem mentioned above.Could you please confirm?!Do...

Hi,thanks for the information.But all certificates imported to the phone have only 2048 bit keys...What now?