09-03-2014 07:19 AM
We're using Clearpass to authenticate access requests to our wireless networks which are provided from Aruba controllers. Although we've installed a RADIUS certificate from a public CA (GoDaddy), iOS devices still state that the CA isn't verified and prompts users to accept.
I've tried (to no avail):
Use a certificate from a different public CA (DigiCert)
Confirmed that the root certificate is included in the iOS root store
Combined intermediate and server certificate
I have read that this behaviour is expected on iOS devices, but I find it hard to believe that this is the case given the number of non-managed iOS devices that must require seemless authentication.
Any input on this would be much appreciated...
Solved! Go to Solution.
09-03-2014 07:20 AM - edited 09-03-2014 07:29 AM
There are many posts on this topic.
This is a normal part of the EAP-PEAP/EAP-TTLS/EAP-TLS process. It has NOTHING to do with whether the certificate is signed by a public CA. It is asking if you trust this "server" (common name in the cert) to send your credentials to, for the connection to this network (SSID).
Therefore, if you have two SSIDs that use different certs signed by the same CA, you will still receive the prompt the first time you connect to each network.
You will see this the first time you connect, across all platforms unless the device is pre-configured (Profile push, MDM, Group Policy, QuickConnect, Onboard, etc)
Tim Cappalli | Aruba ClearPass TME
@timcappalli | ACMX #367 / ACCX #480 / ACEAP / CWSP