Reply To: ThinOS SCEP/802Ix authentication failed with ISE.

  • Total Post: 259
  • Jacked into The Matrix
  • ★★★★★★

Tried to edit my post and it timed out


Under Privacy and Security>SCEP:

Common Name: Use $TN or $SN, don’t add .crt or .cer or .pfx

Under Network Configuration>Ethernet Settings>802.1x Authentication Settings

  • Enable EAP Authentication: ON
  • Validate Server: OFF
  • Check Server: OFF
  • Server Name: blank (empty)
  • EAP Type: EAP-TLS (or whatever you use)
  • Client Certificate Filename: scep_cert_$SN.crt
  • Client Certificate Type: Machine

This is what works in my environment.  What I’ve found is leaving the Common Name as $SN or $TN don’t designate a certificate type (pfx, crt, cer).  My certificates import at SN.pfx or TN.pfx, but when I tell it to authenticate using the Client Certificate Filename it needs to be in the format of scep_cert_$SN.crt (or $TN) regardless that the imported cert is showing as SN.pfx (or $TN) in my list.  I think this is a legacy bug from earlier version of ThinOS 9 when the certificate actually got imported with the common name scep_cert_$SN.crt

Try that and see if it works for you.