I have configured a RADIUS profile to use a "Directory as a service" provider (JumpCloud) for authentication. I have tested this with LDAP and everything seems to work as intended, but when I configure the RADIUS profiles and test authentication via the CLI I get the following response:
Failed EAPOL auth (-1). Response for user: "bob" from RADIUS server: "self signed certificate in certificate chain; unknown CA"
I have been through and installed the certificate chains for JumpCloud as well as the certificate they provide, so I am not sure I understand exactly what this certificate error is referring to.
Any help will be appreciated.
Please can you shed more light on how you resolved this issue?
I'm having the same issue as well. However, this time, it is Palo Alto RADIUS authentication via Aruba ClearPass, using EAP-MSCHAPv2 as the authentication protocol. My experience in SSL certificates is not so fantastic.
Actually, an SSL certificate was installed on the RADIUS server (ClearPass) which I exported and imported into the Palo Alto firewall.
Patiently waiting for your feedback.
Hi @Marc_T ,
I'm having this exact same issue with JumpCloud RADIUS auth; any chance you could let us know what resolved the issue for you? I've tried every possible version of certificates/certificate chains that I can think of, but still no luck. Would really like to know how you resolved this.
Hi @nolansuess ,
It's been a while since I used this, so I hope all the information I have still configured in my firewall is still valid.
These are the certificates I had to install and then create a certificate profile from:
You should be able to download any updated certs from here: https://support.jumpcloud.com/support/s/article/jumpcloud-radius-certificate-for-eap-ttls-client-dep...
Once I had all that configured I created the RADIUS profile as per usual.
Let me know if this helps.
So... I was also getting the "self signed certificate in certificate chain; unknown CA" issues after following;
I just installed all the other ROOT and INTER CAs off the below repo, I then added them all to my certificate profile and I was able to auth with peap-mschapv2. So I think the doc is out of date. I have raised a ticket with JC and once I have the definitive list I will post.
Here's the repo:
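
The error text quoted in this thread matches OpenSSL's verification error 19, which is reported when the server's chain can be built up to a self-signed root but that root is not in the verifier's trust list. The following is an added example, not part of the original posts and not JumpCloud or Palo Alto material: it builds a throwaway root, intermediate and server certificate (all names and files are constructed) and validates the same presented chain against two trust lists, standing in for a certificate profile that holds the wrong CA and one that holds the issuing root.

```sh
#!/bin/sh
# Constructed lab PKI: root -> intermediate -> server certificate.
# Every name and file below is made up for this example.
set -eu
d=$(mktemp -d)
cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
[v3_leaf]
basicConstraints = CA:FALSE
EOF

# new_ca NAME: self-signed CA certificate
new_ca() {
  openssl req -x509 -config "$d/pki.cnf" -extensions v3_ca -newkey rsa:2048 -nodes \
    -subj "/CN=Constructed $1" -keyout "$d/$1.key" -out "$d/$1.pem" -days 1 2>/dev/null
}
# issue NAME ISSUER EXT_SECTION: certificate for NAME signed by ISSUER
issue() {
  openssl req -new -config "$d/pki.cnf" -newkey rsa:2048 -nodes \
    -subj "/CN=Constructed $1" -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null
  openssl x509 -req -in "$d/$1.csr" -CA "$d/$2.pem" -CAkey "$d/$2.key" -CAcreateserial \
    -extfile "$d/pki.cnf" -extensions "$3" -days 1 -out "$d/$1.pem" 2>/dev/null
}
new_ca root; new_ca other
issue intermediate root v3_ca
issue server intermediate v3_leaf
# What the server presents alongside its own certificate: intermediate plus root.
cat "$d/intermediate.pem" "$d/root.pem" > "$d/sent-chain.pem"

# verify_against TRUSTED_PEM: validate the presented chain against one trust list
verify_against() {
  openssl verify -CAfile "$d/$1" -untrusted "$d/sent-chain.pem" "$d/server.pem" 2>&1 || true
}

echo "trust list holds an unrelated CA:"; verify_against other.pem
echo "trust list holds the issuing root:"; verify_against root.pem
```

Running `openssl verify` the same way against the real exported server certificate and the CA files loaded into the certificate profile shows whether the issuing root is actually among them.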