EAP-TLS Wireless config profile issues

bmack99
Contributor III

We have an existing WPA2 Enterprise EAP-TLS wireless profile configured to utilize a root CA which issues workstation certificates - no issues; the config profile works and sets the network payload and AD certificate payload with no issues. Machines with this config profile installed are able to connect with no problems.

Where we are struggling and needing some assistance is with the following:

Configuration Profile configured for the same WPA2 Enterprise wireless SSID using:

- New Root CA
- New Intermediate cert
- New NPS (RADIUS) cert
- New Workstation cert

When this new config profile is deployed and the old one removed, the machine fails to connect to the SSID.

In checking the System Log for the eapolclient process (see: https://documentation.meraki.com/MR/Encryption_and_Authentication/Advanced_RADIUS_and_WPA2_Debugging_using_macOS), we are seeing the following errors:

"Trust evaluate failure: [leaf MissingIntermediate]"
"server certificate not trusted status 6 0"

Is there anyone with a similar setup who has been successful? Most of the discussions I have found are centered around user-based certificate authentication and not workstation certificates.
