This is why you should use a private CA for your EAP certificate and use tooling (Group Policy, MDM, Onboard) to get your clients configured for 802.1X and server trust.
If MAC clients manually trusted the server certificate, it's possible that when you change the server certificate that they won't connect.
How do you provision your clients?
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jan 13, 2023 03:14 PM
From: Brad
Subject: MacBook Not Able to Connect
Help Please!
I renewed the InCommon (Comodo) SSL certificates on my NPS servers this morning. Since, ~50 MacBooks did not get the certificate validation popup to trust and accept the certificate. Those that did not get the popup are failing authentication and cannot get on any of my 802.1X networks. We have tried deleting all traces and even manually adding / trusting the certificates. The rest of the MacBooks (thousands) that did get the popup are able to trust, accept the certificate, and get on the .1X networks. The fail/no-fail crosses MacBooks with the same OS version (usually OS 12.6 Monterey) and same types of hardware. Has anybody seen this?
Thanks,
Brad