New Member

802.1x ISE with computer certificates

Hello,

 

I'm trying to configure 802.1x policy on Cisco ISE (v1.2.x) which will authenticate devices using computer certificates.

I have configured the AP and the policy on the ISE server, and when I try to connect I get an error message that says:

"11514 Unexpectedly receive empty TLS message; treating as a rejection by the client"

Has anyone encountered this message with this kind of setup?

 

Thx,

Tal
 

4 REPLIES
VIP Gold

No, but the most likely reason is that the client machine doesn't trust the Cisco ISE certificate.

The client machine must accept the Cisco ISE certificate to enable this kind of authentication.

 

New Member

Do I also need the ISE certificate on the client machine, or is the root CA certificate enough?

VIP Gold

You didn't reveal even the basic things like the OS you have on the client machine. It means you have a version of Windows. Unfortunately, I'm no Windows expert.

Your client needs to recognize the Cisco ISE certificate as trusted. The root CA needs to be placed in the appropriate certificate store: the machine store if you are configuring machine-level authentication, or the user store if you are configuring user-level authentication. Or elsewhere, according to the requirements of your authentication client. Consult the documentation related to your OS and its client setup. If there is an intermediate certificate, then it needs to be delivered from the server side to the client during the TLS handshake.

I hope a more skilled Windows user will give you better advice. I'm familiar with the principles, but I don't know where to click in Windows.
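
Added example, not part of any reply in this thread: the trust rule described in the reply above (root CA in the client's store, intermediate delivered by the server), reproduced with `openssl` on a throwaway three-level PKI. The CA names, `ise.lab.example` and all file names are constructed for the example, and `openssl verify` stands in for the supplicant's server-certificate validation.

```bash
#!/usr/bin/env bash
# Constructed lab PKI: root CA -> issuing CA -> server certificate standing in
# for the ISE EAP certificate. All names and files are made up for this example.
make_cert() {  # make_cert DIR NAME CN EXT_SECTION [ISSUER_NAME]
  dir=$1; name=$2; cn=$3; ext=$4; issuer=$5
  if [ -z "$issuer" ]; then   # no issuer given: self-signed root
    openssl req -x509 -config "$dir/lab.cnf" -extensions "$ext" -newkey rsa:2048 \
      -nodes -days 2 -subj "/CN=$cn" -keyout "$dir/$name.key" -out "$dir/$name.pem"
  else                        # CSR signed by the named issuer's key
    openssl req -new -config "$dir/lab.cnf" -newkey rsa:2048 -nodes \
      -subj "/CN=$cn" -keyout "$dir/$name.key" -out "$dir/$name.csr" &&
    openssl x509 -req -in "$dir/$name.csr" -CA "$dir/$issuer.pem" \
      -CAkey "$dir/$issuer.key" -CAcreateserial -days 2 \
      -extfile "$dir/lab.cnf" -extensions "$ext" -out "$dir/$name.pem"
  fi >/dev/null 2>&1
}
build_lab_pki() {  # build_lab_pki DIR
  cat > "$1/lab.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
[srv]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
EOF
  make_cert "$1" root "Lab Root CA" ca &&
  make_cert "$1" other "Unrelated Root CA" ca &&
  make_cert "$1" issuing "Lab Issuing CA" ca root &&
  make_cert "$1" server "ise.lab.example" srv issuing
}
# Supplicant's decision: $1 is the root in its certificate store, $2 the server
# certificate, $3 the intermediates the server sent in the handshake (optional).
client_accepts() {
  if [ -n "$3" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2"
  else
    openssl verify -CAfile "$1" "$2"
  fi >/dev/null 2>&1
}
d=$(mktemp -d) && build_lab_pki "$d" || exit 1
for c in "root.pem issuing.pem" "root.pem" "other.pem issuing.pem"; do
  set -- $c
  if client_accepts "$d/$1" "$d/server.pem" ${2:+"$d/$2"}; then r=accept; else r=reject; fi
  echo "store=$1 sent=${2:-none} -> $r"
done
rm -rf "$d"
```

Only the first case is accepted: the right root is in the store and the server supplied the issuing CA. A missing intermediate or a different root in the store both end in rejection.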

 

Silver

If the client is rejecting the certificate, check the wireless settings and uncheck the option in Windows to verify the trusted server certificate. Usually this happens in Windows if the mentioned option is checked. Also make sure that you have set the authentication method to user and computer.

 

************Do rate Helpful posts***************
