Hello All,
<div><br></div><div>I have configured a server to test EAP-TLS.</div><div><br></div><div>Created the CA, a server and one client certificate.</div><div>The same client certificate was then installed on three different devices; OSX, Windows 7 and an Android 4.2.</div>
<div><br></div><div>All is well, all the devices can authenticate successfully, however, every now and again I can see similar entries in the log like the one below.</div><div><br></div><div>A failure.</div><div><div>Thu Mar 7 14:30:57 2013 : Error: TLS Alert write:fatal:handshake failure</div>
<div>Thu Mar 7 14:30:57 2013 : Error: TLS_accept: error in SSLv3 read client certificate B</div><div>Thu Mar 7 14:30:57 2013 : Error: rlm_eap: SSL error error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate</div>
<div>Thu Mar 7 14:30:57 2013 : Error: SSL: SSL_read failed in a system call (-1), TLS session fails.</div><div>Thu Mar 7 14:30:57 2013 : Auth: Login incorrect (TLS Alert write:fatal:handshake failure): [wifiuser] (from client CiscoAP port 289 cli 10-68-3F-48-41-46)</div>
<div><br></div><div>Then a success soon after from the same device (this is the Android one)</div><div>Thu Mar 7 14:32:10 2013 : Auth: Login OK: [wifiuser] (from client CiscoAP port 291 cli 10-68-3F-48-41-46)</div></div>
<div><br></div><div>Very occasionally the Android device would give up and not attempt to reauthenticate.</div><div><br></div><div>The AP is set to reauthenticate clients every 10 minutes. (a rickety old Cisco Aironet 1200).</div>
<div><br></div><div>Has anyone seen this before?</div><div><br></div><div>Thanks in advance,</div><div>Bertalan</div><div><br></div><div><br></div>