Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

ISE certifiacte issue


I have a ISE certifiacte issue when I try to authenticate wireless user with ISE. He show me this: 

12321 PEAP failed SSL/TLS handshake because the client rejected the ISE local-certificate12321 PEAP failed SSL/TLS handshake because the client rejected the ISE local-certificate


Please can you help me?





what type of client it is? if

what type of client it is? if windows , please opt out option < validate server certificate > from Wireless adapter properties

Hi Salodh,It is a Windows

Hi Salodh,

It is a Windows client.

Cisco Employee

This pretty much means that

This pretty much means that the authenticating client is not trusting the certificate that is installed in ISE. That certificate is used to build the EAP tunnel that would be used to pass the PEAP credentials. So a couple of questions:

1. What certificate do you have installed in ISE for EAP?

2. What certificate is  the supplicant set to trust

Thank you for rating helpful posts!

Hi Neno,I have installed the

Hi Neno,

I have installed the Windows server 2008R2 certificate, the supplicant is set tç trust to Root-CA certificate.



Cisco Employee
Cisco Employee

supplicant or client machine

supplicant or client machine is not accepting the certificate from Cisco ISE. make sure cert is usage is selected for EAP, expiry date, checked default allowes protocols on ISE, validate server certificate is not selected.. set it to trust the  ISE certificate . you can try to remove wireless network profile and recreate

CreatePlease login to create content