I think that is expected behavior (and checked with another network to confirm), because the SSID that you connect to (LCCC-Student) cannot be verified against the certificate. That is because certificates are based on DNS names, where SSIDs can be arbitrarily configured, which means there is no way to verify if the certificate matches the SSID.
For Enterprise Authentication it is close to mandatory to use device management (Group Policies/MDM/EMM) or an onboarding system like ClearPass Onboard to configure the client. Manual configuration is nearly impossible to get secure without the end user exactly knowing what to do.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Mar 14, 2023 09:08 AM
From: raulberrio
Subject: ClearPass HTTPS\RADIUS Certificate not trusted by iOS devices
I applied a new SAN certificate from an Apple trusted certificate authority (Go Daddy Secure Certificate Authority - G2). We verified the certificate is in the correct chain order per Aruba TAC (server -> intermediate -> root -> private key). Apple iOS devices identify the certificate as NOT TRUSTED. Considering trying a different CA on the Apple trusted list. I attached a video of the warning from my personal iOS device (iPhone 13 Pro Max on iOS 16.3.1) and a screenshot comparing the HTTPS certificate details from Google Chrome with the CA listed on Apple's support site (List of available trusted root certificates in iOS 16, iPadOS 16, macOS 13, tvOS 16, and watchOS 9 - Apple Support). Any ideas or suggestions would be greatly appreciated.
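
The reply at the top of this thread recommends configuring 802.1X clients through device management rather than by hand. As an added example (not part of the thread, and not Aruba or Apple code), this Python check audits the Wi-Fi payload of an Apple configuration profile for the EAP trust settings that tie the network to a RADIUS server name and CA; the server name and UUID in the sample profile are constructed placeholders.

```python
import plistlib

# Constructed sample profile (not from the thread); name and UUID are placeholders.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>PayloadContent</key><array><dict>
 <key>PayloadType</key><string>com.apple.wifi.managed</string>
 <key>SSID_STR</key><string>LCCC-Student</string>
 <key>EAPClientConfiguration</key><dict>
  <key>AcceptEAPTypes</key><array><integer>25</integer></array>
  <key>TLSTrustedServerNames</key><array><string>radius.example.edu</string></array>
  <key>PayloadCertificateAnchorUUID</key>
  <array><string>00000000-0000-0000-0000-000000000001</string></array>
 </dict>
</dict></array>
</dict></plist>"""

def audit_wifi_payloads(profile_bytes):
    """Return {ssid: [findings]} for each 802.1X Wi-Fi payload in a profile."""
    profile = plistlib.loads(profile_bytes)
    report = {}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.wifi.managed":
            continue
        eap = payload.get("EAPClientConfiguration")
        if eap is None:
            continue  # PSK or open network, no server certificate involved
        findings = []
        names = [n.strip() for n in eap.get("TLSTrustedServerNames") or []]
        if not names:
            # Without a pinned name the device has nothing to match the
            # certificate against, since the SSID itself proves nothing.
            findings.append("TLSTrustedServerNames missing: server name not pinned")
        elif any(n in ("", "*") for n in names):
            findings.append("TLSTrustedServerNames matches any server name")
        if not eap.get("PayloadCertificateAnchorUUID"):
            findings.append("PayloadCertificateAnchorUUID missing: no CA anchor")
        if eap.get("TLSAllowTrustExceptions") is True:
            findings.append("TLSAllowTrustExceptions true: user can accept any cert")
        report[payload.get("SSID_STR", "<unnamed>")] = findings
    return report

if __name__ == "__main__":
    for ssid, findings in audit_wifi_payloads(SAMPLE_PROFILE).items():
        print(ssid, "OK" if not findings else findings)
```

An empty findings list means the profile pins both the server name and the CA anchor, so the device validates the RADIUS certificate without prompting the user.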