ClearPass Issue Overview
We are providing an update on the ongoing work to resolve a certificate issue affecting network authentication for wired and eduroam connections.
Issue Summary
On the evening of May 21, a scheduled update (CHG0116595) replaced the TLS certificates used by the Aruba ClearPass RADIUS service. This service supports authentication for both wired and wireless network access.
Following the update, some users—particularly ERIK and Advancement Windows users at University Square South—experienced authentication failures, resulting in P2 incident INC3298050. The change was rolled back, restoring service.
Root Cause
The issue was traced to the certificate trust chain. Newer clients validate against a Sectigo root certificate that is not currently trusted within our 802.1X configuration, causing authentication failures.
This was related to a cross-signed root certificate scenario, where expected compatibility did not function consistently across client devices.
Current Status
We have obtained and applied a new certificate that avoids the current trust issue. Beginning at 11 a.m. on Wednesday, May 27 we proceeded with urgent change to deploy the certificate. The new certificate chains to a supported root, allowing authentication to function without requiring immediate client changes.
The new certificate is in place, and everything is functioning as expected. Most users should not experience any further impact; however, some endpoints may continue to exhibit minor issues (for example, requiring a restart, reconnect, or clearing cached credentials). If you experience any lingering problems, please contact the IT Service Desk for assistance.
What You Need to Do
At this time, no action is required.
Additional guidance will be shared if user or IT unit action is needed.