AAA, NAC, Guest Access & BYOD

I am able to install the profile and it appears as verified in iOS 6,7 devices and also on Mac OS X 10.8 however only on Mac OS X 10.9 it appears as unverified.

Environment : Clearpass 6.2.3 with Mac OS X 10.9

 

Symptoms : While onboarding Mac OS X 10.9 device, the profile installation completes succesfully. However the profile shows up as unverified eventhough customer has already installed the root certificate of the onboard CA.

 

 

Checking the profile in Mac would tell us that the Onboard root CA is trusted and the Onboard Signing CA is valid, however the profile itself is not valid.

Checking the keychain in Mac would tell us that the Onboard root CA is trusted.

On Mac OS X 10.8, the profile would show as valid and verified.

 

This happens when the Onboard CA certificate is generated using MD5 and the profile signing certificate is also using MD5 as signing algorithm. Mac OS X 10.9 has dropped support for MD5 as signing algorithm except in the case for root CAs. More details can be found from apple.

 

http://support.apple.com/kb/HT6011http://support.apple.com/kb/HT6011

 

rtaImage.jpg

 

The resolution here is to generate a new CA certificate with the signing algorithm as SHA1 / SHA 2 (SHA 2 recommended). In this case the profile signing certificate will also use SHA1/ SHA2 which is supported by Mac OS X 10.9 and the profile now would show up as verified.

 

 

Version History
Revision #:
1 of 1
Last update:
‎07-11-2014 01:44 PM
Updated by:
 
Labels (1)
Contributors
Search Airheads
Showing results for 
Search instead for 
Did you mean: 
Is this a frequent problem?

Request an official Aruba knowledge base article to be written by our experts.