Meraki

Community

Access Manager > EAP-TLS Client Configuration. Step 6 is impossible?

Jhippleheuser
Conversationalist
Tuesday
Tuesday

Access Manager > EAP-TLS Client Configuration. Step 6 is impossible?

Edit: I might be dumb but I think this is an issue with the laptop being intune-joined

 

 

I feel like I'm going crazy trying to enable cert-based auth for my test network because I keep going into my advanced wifi settings and trying to do what's shown below and I can't get more than one Trusted Root CA enabled at a time. If I select two, and click OK one of them just de-selects and I think that's the reason why I'm running into a TLS handshake problem when I attempt to connect.

 

Anyone else having this problem?

 

image.png

0 Kudos
3 Replies 3
PhilipDAth
Kind of a big deal
Kind of a big deal
Tuesday
Tuesday

You should definitely be able to select more than one certificate.

 

If this is a manual setup, I would untick "Verify the server's identity", and then get that working.

Once you have that base working, come back and add certificate validation.

 

Also note that I can only use "Simple certificate selection" without additional config maybe 50% of the time.  If you only have one certificate in your user store - then no problems.  Otherwise, you might need to add certificate selection criteria to make it choose the correct certificate.

0 Kudos
In response to PhilipDAth
Jhippleheuser
Conversationalist
Wednesday
Wednesday

So I've noticed that on my personal laptop I'm able to select multiple trusted CAs but on any of my intune-joined laptops I can select multiple but when I go back in to verify the settings only one will stay selected.

 

I went and disabled verifying the servers identity and I'm still getting a TLS handshake failure. In my cert manager under local computer > personal > certificates I have several certificates for client auth. How do I go about selecting which certificate I want my laptop to present?

0 Kudos
In response to Jhippleheuser
PhilipDAth
Kind of a big deal
Kind of a big deal
Friday
Friday

Configure the certificate selection criteria here:

PhilipDAth_0-1766780166531.png

 

Often, matching the certificate issuer is sufficient.

 

Also, check the session log in Access Manager to see if it is giving any hints.

PhilipDAth_1-1766780192527.png

 

Have you uploaded your certificate issuer certificate (aka, your root CA) into Access Manager?

PhilipDAth_2-1766780249682.png

 

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
© 2025 Cisco Systems, Inc.