[RADIATOR] iOS5 and untrusted/not verified EAP certificates
Mike Puchol
puchol at me.com
Fri Feb 10 04:04:21 CST 2012
Hi Heikki,
Thank you for your comments - indeed it appears that the only way to avoid the "Not verified" certificate message is to provision the device with a mobileconfig profile.
Best,
Mike
On Thursday, February 9, 2012 at 3:55 PM, Heikki Vatiainen wrote:
> On 02/09/2012 03:08 PM, Mike Puchol wrote:
>
> Hello Mike,
>
> > I'm testing EAP-PEAP with an iPad running iOS5.1, and even though I'm
> > using an SSL certificate from Digicert, signed using SHA-1, and Digicert
> > being on the list of trusted CAs by iOS (I even checked the serial
> > number, which is good), I get the following on the iPad's debug console:
> >
>
>
> I get the following certificate dialog when joining a WPA-Enterprise
> network for the first time:
>
> Certificate
> *cn.from.certificate* (e.g. radius.example.com (http://radius.example.com))
> thawte Primary Root CA
>
> *red*Not Verified*red* button:Accept
>
> Description: Client Authentication
> Expires: 27.11.2013 1.59.59
>
> More details >
>
>
> The root CA is from thawte, as seen above, and Radiator sends full
> certificate chain linking the root via the intermediary CAs to
> radius.example.com (http://radius.example.com)'s certificate.
>
> So the root CA is known by iOS, certificate chain is complete and
> everything is good. However, it still displays the red 'Not Verified'
> and Accept button. Once Accept is chosen, the dialog does not come back
> when rejoining the network.
>
> The only way to get rid of all dialogs has been to use the configuration
> utility and create a profile.
>
> Note: there was no 'Add certificate', 'bad certificate' or red button.
> If you see those, maybe the certifiate chain RADIUS server sends is not
> complete. It does display 'Not verified', though, when not configured
> with external profile.
>
> Heikki
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20120210/cfea36c7/attachment.html
More information about the radiator
mailing list