I have set up an SBR Enterprise to use EAP-TLS for authenticating laptop user certificates on our wireless network. These certificates are issued by an in-house CA. The SBR has a device certificate issued by the same CA. This works great.
We also have mobile units that have user certificates from another in-house CA; this authentication is not so great. The reject log entry has this reject-reason: "TLS handshake failed". To me this looks like the RADIUS does not recognise the user certificate.
Both in-house CAs have the same root server.
The root certificate and both CA certificates are added to Trusted Root Certificates on the SBR.
On a Juniper MAG with RADIUS license it is possible to specify that it should recognise certificates from both CAs even if there is only a device certificate from one of them.
Does anyone know how I can make the SBR recognise the certificates from both CAs?