Clients cannot authenticate to NAC because of TLS Alert Read: fatal access denied errors or missing FQDN name in certificate

Symptoms
Devices authenticating with 802.1X are rejected by the RADIUS server with a State description of "TLS Alert read:fatal access denied".
Client certificate error: "1) User Cancelled. This handshake is being cancelled for some reason unrelated to a protocol failure."

 
Environment
NAC
Certificate
 
Cause
The fully qualified domain name (FQDN) of the NAC was not added to the certificate that was generated.


The name in the certificate should read NAC1.XXXX.net, for example.

OR
This error also occurs when the Windows NIC configuration is set to validate the server certificate and either of the following applies:
1 -- "Validate server certificate" is checked and the option to use a specific certificate (approximate wording; it is the first box below "Validate server certificate") is chosen, but nothing is in the list
or
2 -- "Validate server certificate" is checked and the root certificate in the trust chain of the server certificate provided by the NAC appliances is not selected
Resolution
Follow the steps in the article How To Generate A Certificate Signing Request (CSR) On A NAC Appliance again.
Make sure to follow step 2, where nac1.xxx.xxx is added.

OR
Uncheck the options described under Cause.
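
An added check, not part of the original article: once the CA returns the certificate for the regenerated CSR, OpenSSL's hostname check can confirm that the FQDN is present before the certificate is installed on the NAC. The name nac1.example.net, the file names and the throwaway self-signed certificates are constructed for the demonstration; in practice, run cert_has_fqdn against the real certificate file and the NAC's actual FQDN. It assumes OpenSSL 1.1.1 or later is available.

```shell
#!/bin/sh
# Added example: confirm that a certificate carries the NAC's FQDN.
# nac1.example.net and all file names are constructed placeholders.

# cert_has_fqdn CERT_PEM FQDN
# Succeeds when the certificate's DNS subjectAltName entries (or, if it has
# none, its subject CN) match FQDN, per OpenSSL's hostname check.
cert_has_fqdn() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# make_sample_cert OUT_PEM CN [SAN_DNS]
# Builds a throwaway self-signed certificate as constructed test input.
# It stands in for the certificate the CA returns for the NAC's CSR.
make_sample_cert() {
    if [ -n "${3:-}" ]; then
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -keyout "$1.key" -out "$1" -subj "/CN=$2" \
            -addext "subjectAltName=DNS:$3" 2>/dev/null
    else
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
            -keyout "$1.key" -out "$1" -subj "/CN=$2" 2>/dev/null
    fi
}

# report CERT_PEM FQDN: print a verdict and, on failure, the names found.
report() {
    if cert_has_fqdn "$1" "$2"; then
        echo "OK:   $1 matches $2"
    else
        echo "FAIL: $1 does not contain $2"
        openssl x509 -in "$1" -noout -subject -ext subjectAltName \
            2>/dev/null || true
    fi
}

demo() {
    dir=$(mktemp -d) || return 1
    make_sample_cert "$dir/short.pem" "NAC1"                    # FQDN missing
    make_sample_cert "$dir/fqdn.pem" "NAC1" "nac1.example.net"  # FQDN present
    report "$dir/short.pem" "nac1.example.net"
    report "$dir/fqdn.pem" "nac1.example.net"
    rm -rf "$dir"
}

demo
```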


 