I have a deployment, ISE 1.2, where I'm trying to run EAP-TLS with computer certificates.
There is only one PKI, with a root CA and an intermediate issuing CA.
When we try to authenticate the client we get:
Event 5400 Authentication failed
Failure Reason 12508 EAP-TLS handshake failed
For troubleshooting we have tried to import root and issuing certificates from the client to ISE.
We have compared serial numbers on all certificates and they match.
I have checked with Wireshark and I see the client present client-cert and issuing; from ISE there is client-cert, issuing and root.
I have tried to change CN to SAN to SAN DNS.
If I run a user certificate from the client it works like it should, and that shows me that the root and issuing certificates are OK on ISE.
Any good tip on what could be wrong?
Or maybe an example of a computer CA template that can be used for auto enrollment with AD? :-)