We have constant problems with iOS devices trying to gain internet access via our portal. I know it's related to OCSP, in some form or fashion, because when I disable OCSP in the client web browser - SHAZAM!...I have internet access. Without disabling OCSP, the browser will often time out trying to ultimately gain internet connectivity.
I've opend a case with TAC and they've made changes to our system using this KB article as a guide: https://arubanetworkskb.secure.force.com/pkb/articles/HowTo/R-1336 but unfortunately this has not solved our problem.
I'm wondering if it's far more simple; I'm wondering if it's because we're using a 3rd party certificate issued by Network Solutions and we should just buy a cert from either Thawte or Verisign which, by default, are MUCH much more trusted by client browsers??? I think this is why disabling OCSP works because you're bascially telling the client browser to ignore the cert - just accept it - don't bother trying to verify whether it's legit or not.
Do other people have this same issue? Who do you buy your certs from?
Ed