Occasional Contributor II

RADIUS certificate 'not verified'

We're using ClearPass to authenticate access requests to our wireless networks which are provided from Aruba controllers. Although we've installed a RADIUS certificate from a public CA (GoDaddy), iOS devices still state that the CA isn't verified and prompt users to accept.

I've tried (to no avail):

Use a certificate from a different public CA (DigiCert)

Confirmed that the root certificate is included in the iOS root store

Combined intermediate and server certificate

I have read that this behaviour is expected on iOS devices, but I find it hard to believe that this is the case given the number of non-managed iOS devices that must require seamless authentication.

Any input on this would be much appreciated...

Guru Elite

Re: RADIUS certificate 'not verified'

There are many posts on this topic.

This is a normal part of the EAP-PEAP/EAP-TTLS/EAP-TLS process. It has NOTHING to do with whether the certificate is signed by a public CA. It is asking if you trust this "server" (common name in the cert) to send your credentials to, for the connection to this network (SSID).

Therefore, if you have two SSIDs that use different certs signed by the same CA, you will still receive the prompt the first time you connect to each network.

You will see this the first time you connect, across all platforms unless the device is pre-configured (Profile push, MDM, Group Policy, QuickConnect, Onboard, etc).


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
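
As an added illustration of the pre-configuration mentioned in the reply above (not part of the original posts, and not Aruba's or Apple's code): a Python sketch that builds an iOS Wi-Fi configuration profile binding one SSID to a trusted RADIUS server name and issuing CA, then audits a profile for missing trust settings. The SSID, server name, `com.example.wifi` identifier and CA bytes are constructed placeholders; a real profile needs the DER-encoded CA certificate.

```python
import plistlib
import uuid

PEAP = 25  # EAP type number for PEAP


def _base(ptype, ident, name):
    # Keys every payload (and the profile itself) carries.
    return {"PayloadType": ptype, "PayloadVersion": 1, "PayloadIdentifier": ident,
            "PayloadUUID": str(uuid.uuid4()).upper(), "PayloadDisplayName": name}


def build_wifi_profile(ssid, server_names, ca_der, org_id="com.example.wifi"):
    """Return .mobileconfig bytes that pre-trust the RADIUS server for one SSID."""
    ca = _base("com.apple.security.root", org_id + ".ca", "RADIUS issuing CA")
    ca["PayloadContent"] = ca_der  # DER-encoded CA certificate
    wifi = _base("com.apple.wifi.managed", org_id + ".ssid", "Wi-Fi: " + ssid)
    wifi.update({
        "SSID_STR": ssid, "EncryptionType": "WPA2", "AutoJoin": True,
        "EAPClientConfiguration": {
            "AcceptEAPTypes": [PEAP],
            # Names the server certificate must match (the "server" in the prompt).
            "TLSTrustedServerNames": list(server_names),
            # Only chains ending at the CA payload in this profile are accepted.
            "PayloadCertificateAnchorUUID": [ca["PayloadUUID"]],
        },
    })
    profile = _base("Configuration", org_id, "Corporate Wi-Fi")
    profile["PayloadContent"] = [ca, wifi]
    return plistlib.dumps(profile)


def audit_profile(profile_bytes):
    """List Wi-Fi payloads that do not fully pin the RADIUS server identity."""
    findings = []
    payloads = plistlib.loads(profile_bytes)["PayloadContent"]
    cert_uuids = {p["PayloadUUID"] for p in payloads
                  if p["PayloadType"].startswith("com.apple.security.")}
    for p in payloads:
        if p["PayloadType"] != "com.apple.wifi.managed":
            continue
        eap = p.get("EAPClientConfiguration", {})
        if not eap.get("TLSTrustedServerNames"):
            findings.append(p["SSID_STR"] + ": no trusted server names")
        anchors = eap.get("PayloadCertificateAnchorUUID", [])
        if not anchors or not set(anchors) <= cert_uuids:
            findings.append(p["SSID_STR"] + ": CA anchor missing or not in profile")
    return findings
```

Pinning the server name matters most with a public CA, since the same CA issues certificates to many other parties.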