The message "EAP-TLS: fatal alert by server - unknown_ca" means that ClearPass does not trust the client certificate that your client is sending.
Make sure that the client sends the correct certificate, in case is has multiple client certificates, and that ClearPass has the root (and if possible the intermediates as well) CA in the Trust List and enabled for EAP.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your HPE Aruba Networking partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact HPE Aruba Networking TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or HPE Aruba Networking.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jan 29, 2026 12:13 PM
From: hueso@fultonschools.org
Subject: Server Cert and Trusted CA Cert
my company just started using google workspace to have our Chromebook join our Wi-Fi, when trying to connect i keep getting the error below in ClearPass I've verified that the Root and intermediate certificates match on ClearPass and the client machine but still not successfully connecting. Any help would be greatly appreciated.
EAP-TLS: fatal alert by server - unknown_ca
TLS Handshake failed in SSL_read with error:1417C086:SSL
routines:tls_process_client_certificate:certificate verify failed
eap-tls: Error in establishing TLS session
-------------------------------------------