[RADIATOR] iOS5 and untrusted/not verified EAP certificates

Mike Puchol puchol at me.com
Thu Feb 9 07:08:24 CST 2012


Hi all, 

I'm testing EAP-PEAP with an iPad running iOS5.1, and even though I'm using an SSL certificate from Digicert, signed using SHA-1, and Digicert being on the list of trusted CAs by iOS (I even checked the serial number, which is good), I get the following on the iPad's debug console:

Feb  9 14:02:08 Mikes-iPad kernel[0] <Debug>: AppleBCMWLANCore::setCIPHER_KEY() [eapolclient]: type = CIPHER_PMK, index = 0, flags = 0x0, key lenght 0, key rsc lenght 0
Feb  9 14:02:08 Mikes-iPad eapolclient[149] <Notice>: peap_verify_server: server certificate not trusted, status 3 0
Feb  9 14:02:08 Mikes-iPad Preferences[93] <Warning>: -[WiFiManager(Private) _enterpriseAssociationResult:withInfo:]: User Information required
Feb  9 14:02:10 Mikes-iPad eapolclient[149] <Notice>: peap_verify_server: server certificate not trusted, status 3 0
Feb  9 14:02:16 Mikes-iPad eapolclient[149] <Notice>: peap_verify_server: server certificate not trusted, status 3 0

The iPad then shows up an "Add certificate" dialog, but with a big red button and the text "Not verified". My guess is that it's trying to check a CRL, but of course, being still offline, this cannot be done.

Has anyone successfully connected an iOS5 device using EAP without "bad certificate" warnings? As clarification, I'm not using provisioning profiles, so the iPad doesn't "know" the network when it first connects to it.

Cheers,

Mike 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20120209/92d6d389/attachment.html 


More information about the radiator mailing list