Clients cannot authenticate to NAC because of TLS Alert Read: fatal access denied errors or missing FQDN name in certificate
Devices authenticating using 802.1x are getting rejected from the Radius server with State description of TLS Alert read:fatal access denied error Client Certificate error 1) User Cancelled, This handshake is being cancelled for some reason unrelated to a protocol failure
The fully qualified domain name of the NAC was not not added to the certificate that was generated.
This should read NAC1.XXXX.net for example.
OR You get that error when in the Windows NIC configuration you are validating the server certificate and you have either of the options checked. 1 -- validate server certificate and use this certificate (approx language but the first box below validate server certificate) is chosen but nothing is in the list or 2 -- validate server certificate and you do not select the root certificate in the trust chain of the server certificate provided by the NAC appliances