BugZero | Cisco BugID CSCwf80292 - ISE cannot retrieve a peer certificate during EAP-...

Cisco - Defect ID: CSCwf80292

ISE cannot retrieve a peer certificate during EAP-TLS authentication

Cisco - Defect ID: CSCwf80292

ISE cannot retrieve a peer certificate during EAP-TLS authentication

Last updated on December 15th, 2025

BugZero Risk Score
9.7 High

Overall: 9.7

Severity: 10.0

Lifecycle: 9.1

Popularity: 7.8

What is the BugZero Risk Score?

Cisco Integration

Learn more about where this data comes from

Cisco Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Views: 70

Description

Symptom

ISE cannot retrieve a peer certificate during EAP-TLS. show logging application prrt-server.log | include "sent no certificate" displays the next EAP-TLS: Unable to retrieve peer certificate from cache,EapTlsProtocol.cpp:1318 Crypto,2023-06-27 21:22:47,773,ERROR,0x7f1854d64700,NIL-CONTEXT,Crypto::Result=39, Crypto.SSLConnection.getPeerCertificate - Peer sent no certificate,SSLConnection.cpp:531 Failure reason: 22047 User name attribute is missing in client certificate

Conditions

This defect impacts only EAP-TLS AND ISE 3.1 patch 7 runtime-aaa component is NOT set to debug.

Workaround

Disable EAP-TLS session resume from Administration > System > Settings > Protocols > EAP-TLS. Uncheck Enable Stateless Session Resume from Policy > Results > Authentication > Allowed Protocols > Allow EAP-TLS

Further Problem Description

You may see this error if session resumption is not enabled as well if it was a genuine issue. If session resumption is not enabled and you see this error, take a packet capture on ISE side to confirm if the certificate is being sent ISE and troubleshoot from there.

Change history

2025-07-02 Added: 003.001(000.907)

Relevant Products

Click on a version to see all relevant bugs

Affected versions:003.001(000.907)

Fixed versions: 003.004(000.608), 3.0.0.458-Patch8, 3.1.0.518-Patch8, 3.2.0.542-Patch3, 3.3.0.430-Patch1

Relevant Products

Click on a version to see all relevant bugs

Affected versions:003.001(000.907)

Fixed versions: 003.004(000.608), 3.0.0.458-Patch8, 3.1.0.518-Patch8, 3.2.0.542-Patch3, 3.3.0.430-Patch1

Top Cisco Defects

9.7Defect ID: CSCwq31287
Cisco IOS and IOS XE Software SNMP Denial of Service and Remote Code Execution Vulnerability
9.7Defect ID: CSCvq12070
Not able to establish more than 2 simultaneous ASDM sessions
9.7Defect ID: CSCvx32806
Access Points stuck in bootloop due to image checksum verification failed
9.7Defect ID: CSCwc94466
Cisco ASA/FTD Firepower 2100 SSL/TLS Denial of Service Vulnerability
9.7Defect ID: CSCwf80292
ISE cannot retrieve a peer certificate during EAP-TLS authentication

Ready to prevent the next vendor outage?

Get a demo

Cisco - Defect ID: CSCwf80292

ISE cannot retrieve a peer certificate during EAP-TLS authentication

Cisco - Defect ID: CSCwf80292

ISE cannot retrieve a peer certificate during EAP-TLS authentication

Last updated on December 15th, 2025

BugZero Risk Score9.7 High

Bug Details

Symptom

Conditions

Workaround

Further Problem Description

Top Cisco Defects

Ready to prevent the next vendor outage?

Links

BugZero Risk Score
9.7 High