Buy or Renew
Buy or Renew
Cisco Virtual Engineer generative AI bot now active in Wireless Discussion Forum. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1794
Views
0
Helpful
4
Replies

802.1x ISE with computer certificates

talmadari
Level 1
Level 1

‎05-18-2014 05:28 AM - edited ‎07-05-2021 12:51 AM

Hello,

 

I'm trying to configure 802.1x policy on Cisco ISE (v1.2.x) which will authenticate devices using computer certificates.

i have configured the AP and the policy on the ISE server and when i'm trying to connect i'm getting an error message says:

"11514 Unexpectedly receive empty TLS message; treating as a rejection by the client"

Did anyone encountered this message with this kind of setup?

 

Thx,

Tal
 

Labels:
0 Helpful
4 Replies 4

Dan Lukes
VIP Alumni
VIP Alumni

‎05-18-2014 05:40 AM

No, but most possible reasons is - the client machine doesn't trust the Cisco ISE certificate.

The client machine must accept the Cisco ISE certificate to enable such king of authentication.

 

0 Helpful

talmadari
Level 1
Level 1
In response to Dan Lukes

‎05-18-2014 06:11 AM

Do i need also the ISE certificate on the client machine or the root CA certificate is enough?

0 Helpful

Dan Lukes
VIP Alumni
VIP Alumni
In response to talmadari

‎05-18-2014 08:20 AM

You didn't revealed even the basic things like the OS you have on client machine. It mean you have a version of Windows. Unfortunately, I'm no windows expert.

Your client needs to recognize Cisco ISE certificate as trusted. Root CA needs to be placed in appropriate certificate store - the machine store if you are configuring machine-level authentication, or the user store if you are configuring user-level authentication. Or elsewhere according requirements of your authentication client. Consult the documentation related to your OS and it's client setup. If there is a intermediate certificate then it needs to be delivered from server side to client during TLS handshake.

I wish a more skilled Windows user will give you better advice. I'm familiar with the principles, but I don't know where to click in Windows.

 

0 Helpful

kaaftab
Level 4
Level 4

‎05-20-2014 04:29 AM

if the client is rejecting the certificate check the wireless setting and uncheck the option in windows for verify there trusted certificate server usualy this happen in windows if the mentioned optioned it checked.Also make sure that you have set the authentication method as user and computer .

 

************Do rate Helpful posts***************

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card