Frequent Contributor I

802.1x Radius server "not verified"

Good afternoon everyone.

We are implementing a new SSID with 802.1x PEAP authentication, where the client authenticates via RADIUS server. We have an internal CA which issued the certificates for our servers, and our RADIUS receives this certificate from our internal CA. One thing puzzles me: when a user's iPhone or iPad attempts to connect to this SSID with RADIUS 802.1x, the certificate appears as "not verified". I've been reading here on the forum that when 802.1x is used without termination there is no need to import a certificate for our parent company. If that's right, what's wrong?
I appreciate any help.

Guru Elite

Re: 802.1x Radius server "not verified"

iPhones and iPads always have that message when a new certificate is observed.

Colin Joseph
Aruba Customer Engineering

Looking for an Answer? Search the Community Knowledge Base Here: Community Knowledge Base

Frequent Contributor I

Re: 802.1x Radius server "not verified"

Thx 4 reply Cj,

 

But I would not like to put this certificate as "valid" or "verified"?

Guru Elite

Re: 802.1x Radius server "not verified"

Yes, but it is the nature of iOS to display the first time an iOS device has ever seen a server certificate:

https://discussions.apple.com/message/25097802

Colin Joseph
Aruba Customer Engineering


Frequent Contributor I

Re: 802.1x Radius server "not verified"

Yes, I understand that it is native to iOS to always display the certificate to authenticate; after that it really does not have the certificate. My question is: does this "Not verified" disappear and "Verified" appear?

Frequent Contributor I

Re: 802.1x Radius server "not verified"

Btw my problem is the same topic that you mentioned, just that there was not a solution.

Guru Elite

Re: 802.1x Radius server "not verified"

You are right. Unless you distribute certificates and/or a trusted CA via a .mobileconfig file on iOS, you will have that issue. ClearPass Onboard does distribute user and CA certificates and WLAN configurations with a .mobileconfig file. If you do not have Onboard or another platform that distributes the CA trust, you will probably continue to have that issue.



Colin Joseph
Aruba Customer Engineering
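
A sketch of the kind of .mobileconfig the reply above refers to, added here as an example (it is not from the thread and not ClearPass Onboard output): it installs the internal CA, ties the PEAP SSID to that CA and to the expected RADIUS server name, and includes a check that a profile actually pins both. The SSID, identifiers, server name and certificate bytes are constructed placeholders.

```python
import plistlib
import uuid

def build_profile(ssid, ca_der, radius_names, org_id="com.example.wifi"):
    """Return .mobileconfig bytes that install the CA and pin RADIUS trust."""
    ca_uuid = str(uuid.uuid4()).upper()
    def base(ptype, suffix, name, pid=None):
        return {"PayloadType": ptype, "PayloadVersion": 1,
                "PayloadIdentifier": f"{org_id}.{suffix}",   # hypothetical identifiers
                "PayloadUUID": pid or str(uuid.uuid4()).upper(),
                "PayloadDisplayName": name}
    ca = base("com.apple.security.root", "ca", "Internal CA", ca_uuid)
    ca["PayloadContent"] = ca_der                         # DER-encoded CA certificate
    wifi = base("com.apple.wifi.managed", "ssid", f"Wi-Fi ({ssid})")
    wifi.update({
        "SSID_STR": ssid, "EncryptionType": "WPA2", "AutoJoin": True,
        "EAPClientConfiguration": {
            "AcceptEAPTypes": [25],                       # 25 = PEAP
            "PayloadCertificateAnchorUUID": [ca_uuid],    # trust only the CA payload above
            "TLSTrustedServerNames": list(radius_names),  # names expected in the RADIUS cert
            "TLSAllowTrustExceptions": False,             # user cannot accept other certs
        }})
    profile = base("Configuration", "profile", "Corporate Wi-Fi")
    profile["PayloadContent"] = [ca, wifi]
    return plistlib.dumps(profile)

def pinning_problems(profile_bytes):
    """List reasons a profile still leaves the RADIUS certificate unpinned."""
    payloads = plistlib.loads(profile_bytes).get("PayloadContent", [])
    roots = {p.get("PayloadUUID") for p in payloads
             if p.get("PayloadType") == "com.apple.security.root"}
    problems = []
    for p in payloads:
        if p.get("PayloadType") != "com.apple.wifi.managed":
            continue
        eap = p.get("EAPClientConfiguration", {})
        anchors = eap.get("PayloadCertificateAnchorUUID", [])
        if not anchors or not set(anchors) <= roots:
            problems.append("anchor UUID missing or not a CA payload in this profile")
        if not eap.get("TLSTrustedServerNames"):
            problems.append("no TLSTrustedServerNames")
        if eap.get("TLSAllowTrustExceptions") is True:
            problems.append("user trust exceptions explicitly allowed")
    return problems

if __name__ == "__main__":
    ca_der = b"\x30\x82placeholder"   # constructed bytes; use the real CA certificate in DER
    data = build_profile("CORP-8021X", ca_der, ["radius.example.com"])
    print(pinning_problems(data) or "profile pins the RADIUS certificate")
```

With placeholder bytes the output only demonstrates the structure; a device will accept the profile only when `ca_der` is the real DER-encoded CA certificate.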


Guru Elite

Re: 802.1x Radius server "not verified"

There are some slides in this presentation that show Verified vs Unverified etc...

http://community.arubanetworks.com/t5/Americas-Airheads-Conference/Breakout-Real-world-802-1X-Deployment-Challenges/gpm-p/129211


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480

Frequent Contributor I

Re: 802.1x Radius server "not verified"

Thank you all for the answers.
At the moment we climb a RADIUS test version and apply a valid test certificate (GeoTrust, Verisign etc.) and we do the tests, including step-by-step instructions I found here on the forum.
CAPPALLI, EXCELLENT documentation on the subject, saved in my knowledge base.
Thank you
