Cisco Support Community

Cisco Employee

ISE 1.2 / WLC 5508 EAP-TLS expired certificate error, but wireless still working

Hi, I have a customer that we've deployed ISE 1.2 and WLC 5508s at. Customer is using EAP-TLS with and everything appears to be set up properly. Users are able to log in to the network and authenticate; however, frequently, I'm getting the following error in ISE authentication logs:

12516 EAP-TLS failed SSL/TLS handshake because of an expired certificate in the client certificates chain

OpenSSL messages are:

SSL alert: code=0x22D=557 ; source=local ; type=fatal ; message="X509 certificate expired"

4 727850450.3616:error:140890B2:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:no certificate returned:s3_srvr.c:2720

I'm not sure if this is cosmetic or if this is something that I should be tracking down. System isn't in full production yet, but every client seems to be working and there is no expired cert in the chain. Any ideas what to check?
