EAP-TLS or PEAP Authentication Failed During SSL Handshake
Article ID: 177495
Products
Network Access Control
Issue/Introduction
Why is EAP-TLS or PEAP authentication failing during the SSL handshake?
Symptoms
Failed logon error: EAP-TLS or PEAP authentication failed during SSL handshake
Cause
This failure occurs when:
• Server validation is not configured correctly on the client.
• The machine certificate is not provisioned on the machine (when used with EAP-TLS).
• The client is unable to provide a user certificate for authentication.
• The AAA server certificate has expired.
• The Root CA certificate is not installed or is not installed correctly on the client.
• The same CA certificate is used for the intermediate CA or Root CA certificate (Root CA duplication).
Resolution
If the Certification Authority (CA) or Cisco ACS (ACS) certificates have expired or are missing, distribute, renew, or update the certificates to the client's trusted root certificate store. Check whether Network Time Protocol (NTP) is enabled on the client and ACS, because certificate validity periods are evaluated against the local clock. Install the appropriate CA certificate on your system, as Authenticated in-band PAC Provisioning requires a valid Trusted Root CA certificate.
We do not recommend self-signed certificates. Use a CA instead.
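The expiry, trust-chain and Root CA duplication causes listed above can be checked offline with OpenSSL before changing client or AAA settings. The script below is an added example, not part of the original article or any vendor tooling; the demo PKI, the file names and the host name aaa.example.test are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: OpenSSL checks for three of the causes listed above.
# The throwaway PKI and all file names are constructed for illustration.

# Returns 0 if the certificate is still valid $2 seconds from now (0 = now).
cert_valid_for() {
  openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Returns 0 if cert $2 chains to root $1 (optional intermediate bundle in $3).
chain_ok() {
  if [ -n "$3" ]; then set -- -CAfile "$1" -untrusted "$3" "$2"
  else set -- -CAfile "$1" "$2"; fi
  openssl verify "$@" 2>/dev/null | grep -q ': OK$'
}

# SHA-256 fingerprint, used to spot one certificate installed in two roles.
fingerprint() {
  openssl x509 -in "$1" -noout -fingerprint -sha256 2>/dev/null | cut -d= -f2
}
same_cert() { a=$(fingerprint "$1"); [ -n "$a" ] && [ "$a" = "$(fingerprint "$2")" ]; }

# Build two unrelated demo root CAs and a 1-day server cert signed by "root".
make_demo_pki() {
  d=$1
  for ca in root other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Demo $ca CA" \
      -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null
  done
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=aaa.example.test" \
    -keyout "$d/srv.key" -out "$d/srv.csr" 2>/dev/null
  openssl x509 -req -in "$d/srv.csr" -CA "$d/root.pem" -CAkey "$d/root.key" \
    -CAcreateserial -days 1 -out "$d/srv.pem" 2>/dev/null
}

demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT                     # remove demo keys on exit
make_demo_pki "$demo"
cp "$demo/root.pem" "$demo/intermediate.pem"   # simulated Root CA duplication

cert_valid_for "$demo/srv.pem" 0      && echo "server cert: not expired"
cert_valid_for "$demo/srv.pem" 172800 || echo "server cert: expires within 2 days"
chain_ok "$demo/root.pem"  "$demo/srv.pem" && echo "chain to installed root: OK"
chain_ok "$demo/other.pem" "$demo/srv.pem" || echo "chain to wrong root: FAILED"
same_cert "$demo/root.pem" "$demo/intermediate.pem" && echo "root == intermediate"
```

To use the functions on real files, export the AAA server certificate and the client's root and intermediate CA certificates as PEM and pass those paths instead of the demo files.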