Security

What are you doing for the RADIUS certificate on ClearPass and have you established the trust relationship for that RADIUS certificate CA on the client device?  Are you provisioning the Wi-Fi settings with Intune as well?

generally that error message indicates that the CA trust chain is not upload to ClearPass.

you need to navigate to  Administration » Certificates » Trust List

What are you doing for the RADIUS certificate on ClearPass and have you established the trust relationship for that RADIUS certificate CA on the client device?  Are you provisioning the Wi-Fi settings with Intune as well?

What are you doing for the RADIUS certificate on ClearPass and have you established the trust relationship for that RADIUS certificate CA on the client device?  Are you provisioning the Wi-Fi settings with Intune as well?

I've got EAP-TLS working for Macbook using SCEP certificates and WiFi payloads pushed from other MDMs.

Key things to check/configure:

1. Root and Intermediate certificates trusted on the device
2. WiFi configuration payload
   1. Security: Enterprise 
   2. Type: EAP-TLS
   3. ClearPass Onboard root certificate selected as the trust certificate 
   4. ClearPass server names listed  as the trusted certificate names

Here's a couple of KB's that go into further details.

https://learn.microsoft.com/en-us/intune/intune-service/configuration/wi-fi-settings-macos

https://support.apple.com/en-au/guide/deployment/depabc994b84/web

https://documentation.meraki.com/Access_Manager/Access_Manager_Configuration_Guides/Access_Manager_-_EAP-TLS_Client_Configuration_(Windows%2C_macOS_and_iOS)

Hi Tobi,

Thanks for your response. I have managed to fix the issues by creating new radius server for CPPM. but now windows shows the certificate warning message when connecting SSID. 

Could you please confirm whether a radius server certificate would shows the root certificate details when imported to CPPM.

Hi Tobi,

Thanks for your response. I have managed to fix the issues by creating new radius server for CPPM. but now windows shows the certificate warning message when connecting SSID. 

Could you please confirm whether a radius server certificate would shows the root certificate details when imported to CPPM.

Your RADIUS server certificate, is it issued by the Onboard CA, or another CA?

If the RADIUS server certificate is issued by another CA you must trust this certificate chain on the client side as well, and also configure the 802.1x WLAN profile to allow this CA chain to be utilized for the authentication, as mentioned by @tobi.coonan

Hi Tobi,

Thanks for your response. I have managed to fix the issues by creating new radius server for CPPM. but now windows shows the certificate warning message when connecting SSID. 

Could you please confirm whether a radius server certificate would shows the root certificate details when imported to CPPM.

I've got EAP-TLS working for Macbook using SCEP certificates and WiFi payloads pushed from other MDMs.

Key things to check/configure:

1. Root and Intermediate certificates trusted on the device
2. WiFi configuration payload
   1. Security: Enterprise 
   2. Type: EAP-TLS
   3. ClearPass Onboard root certificate selected as the trust certificate 
   4. ClearPass server names listed  as the trusted certificate names

Here's a couple of KB's that go into further details.

https://learn.microsoft.com/en-us/intune/intune-service/configuration/wi-fi-settings-macos

https://support.apple.com/en-au/guide/deployment/depabc994b84/web

https://documentation.meraki.com/Access_Manager/Access_Manager_Configuration_Guides/Access_Manager_-_EAP-TLS_Client_Configuration_(Windows%2C_macOS_and_iOS)

Your RADIUS server certificate, is it issued by the Onboard CA, or another CA?

If the RADIUS server certificate is issued by another CA you must trust this certificate chain on the client side as well, and also configure the 802.1x WLAN profile to allow this CA chain to be utilized for the authentication, as mentioned by @tobi.coonan

Hi Tobi,

Thanks for your response. I have managed to fix the issues by creating new radius server for CPPM. but now windows shows the certificate warning message when connecting SSID. 

Could you please confirm whether a radius server certificate would shows the root certificate details when imported to CPPM.

I've got EAP-TLS working for Macbook using SCEP certificates and WiFi payloads pushed from other MDMs.

Key things to check/configure:

1. Root and Intermediate certificates trusted on the device
2. WiFi configuration payload
   1. Security: Enterprise 
   2. Type: EAP-TLS
   3. ClearPass Onboard root certificate selected as the trust certificate 
   4. ClearPass server names listed  as the trusted certificate names

Here's a couple of KB's that go into further details.

https://learn.microsoft.com/en-us/intune/intune-service/configuration/wi-fi-settings-macos

https://support.apple.com/en-au/guide/deployment/depabc994b84/web

https://documentation.meraki.com/Access_Manager/Access_Manager_Configuration_Guides/Access_Manager_-_EAP-TLS_Client_Configuration_(Windows%2C_macOS_and_iOS)

I believe we need to upload the root cert and intermediate cert and push to the devices from intune. and confiugre scep profile for user certificate. for EAP-TLS authentication need to push wi-fi profile and wired profile.

do we need to upload the radius cert to the user devices?

Your RADIUS server certificate, is it issued by the Onboard CA, or another CA?

If the RADIUS server certificate is issued by another CA you must trust this certificate chain on the client side as well, and also configure the 802.1x WLAN profile to allow this CA chain to be utilized for the authentication, as mentioned by @tobi.coonan

Hi Tobi,

Thanks for your response. I have managed to fix the issues by creating new radius server for CPPM. but now windows shows the certificate warning message when connecting SSID. 

Could you please confirm whether a radius server certificate would shows the root certificate details when imported to CPPM.

The clients need to trust the root and intermediate certificates. You don't need to upload the RADIUS server certificate to the clients.

Can you provide information about your 802.1x profile configuration?

I believe we need to upload the root cert and intermediate cert and push to the devices from intune. and confiugre scep profile for user certificate. for EAP-TLS authentication need to push wi-fi profile and wired profile.

do we need to upload the radius cert to the user devices?

Your RADIUS server certificate, is it issued by the Onboard CA, or another CA?

If the RADIUS server certificate is issued by another CA you must trust this certificate chain on the client side as well, and also configure the 802.1x WLAN profile to allow this CA chain to be utilized for the authentication, as mentioned by @tobi.coonan

Hi Tobi,

Thanks for your response. I have managed to fix the issues by creating new radius server for CPPM. but now windows shows the certificate warning message when connecting SSID. 

Could you please confirm whether a radius server certificate would shows the root certificate details when imported to CPPM.

I've got EAP-TLS working for Macbook using SCEP certificates and WiFi payloads pushed from other MDMs.

Key things to check/configure:

1. Root and Intermediate certificates trusted on the device
2. WiFi configuration payload
   1. Security: Enterprise 
   2. Type: EAP-TLS
   3. ClearPass Onboard root certificate selected as the trust certificate 
   4. ClearPass server names listed  as the trusted certificate names

Here's a couple of KB's that go into further details.

https://learn.microsoft.com/en-us/intune/intune-service/configuration/wi-fi-settings-macos

https://support.apple.com/en-au/guide/deployment/depabc994b84/web

https://documentation.meraki.com/Access_Manager/Access_Manager_Configuration_Guides/Access_Manager_-_EAP-TLS_Client_Configuration_(Windows%2C_macOS_and_iOS)