05-10-2016 06:35 PM
First time posting here, but I've encountered a problem that I can't find anywhere else out there. So it would seem to be unique to my instance, but I'm still hoping someone may have some insight.
Essentially, when users connect from a Mac running El Capitan (10.11), the first time they connect, they are prompted to trust the certificate. Obviously, this is normal behaviour; they click trust and it puts it into the certificate chain.
However, every time they connect, they still receive the message to check the certificate and to continue. While it doesn't prevent them from connecting, it is an extra step that has become quite annoying to our users. It doesn't impact mobiles or Windows devices, just the Macs running the latest OS.
Our certificate has been loaded both as just the leaf as well as the full chain. The root certificate is in the normal OS X System Roots already as well.
One thing we believe may be related is that we use a CN common across all of our ClearPass devices, with a SAN that has the more specific information for each of the boxes. Example: CN = clearpass.domain with SAN = site1-clearpass.domain.
Any thoughts or recommendations would be appreciated. Another note is that we are using EV certificates and while we don't believe this should have any impact, we would appreciate knowing if anyone else is using an EV cert without any issues.
05-10-2016 06:38 PM
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP