Educause Security Discussion mailing list archives
Apple Devices not trusting Comodo SSL Certificate on initial Wireless Connection
From: Jim Williams Jr <Jim.Williams () PCT EDU>
Date: Wed, 18 Oct 2017 17:18:32 +0000
Hello, everyone,

I am on my last straw and I was hoping that someone here might have some information to help. We have a Cisco Wireless infrastructure with a central management server. That system is using Microsoft NPS servers for their RADIUS authentication of WPA2 Enterprise. We have purchased a cert from Comodo, and the root cert of the chain is listed as a trusted cert on the Apple list of trusted certs.

The problem is that at first connect to the wireless, all Apple devices prompt you to use the "not trusted" certificate even though it is a trusted cert. We would like to keep this from prompting users, as it is confusing and doesn't reflect a good image of our security posture.

I have done a lot of research on the matter, and the conclusion that I have reached is that there is no way to stop this behavior besides preloading the root cert of the chain into an Apple device profile. I have tested this and it does work. This isn't exactly the solution that we are looking for, though. This would require all new users to somehow acquire the root certificate and install it, and that would require instruction and distribution of that key.

If there is nothing that can be done, we will work around the issue. Has anyone here on the forum run into a similar issue and may be able to offer some insight on a solution to the problem?

James Williams, MPS
Pennsylvania College of Technology
Manager of IT Security | Information Technology Services
Jim.Williams () pct edu
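The workaround described in the message above, preloading the chain's root certificate in an Apple device profile, can be expressed as a configuration profile that also names the RADIUS server the Wi-Fi payload should trust. This is an added example, not part of the original message: the SSID, server name, identifiers and the PEAP EAP type are assumptions, and the certificate bytes are a constructed placeholder.

```python
import plistlib
import uuid


def build_wifi_profile(root_der, ssid, radius_names, org_id="edu.example.wifi"):
    """Build a .mobileconfig that pins 802.1X server trust to one root CA."""
    cert_uuid = str(uuid.uuid4()).upper()

    def payload(ptype, suffix, name, **extra):
        # Keys every payload dictionary in a configuration profile carries.
        return {"PayloadType": ptype, "PayloadVersion": 1,
                "PayloadIdentifier": f"{org_id}.{suffix}",  # org_id is hypothetical
                "PayloadUUID": str(uuid.uuid4()).upper(),
                "PayloadDisplayName": name, **extra}

    # Certificate payload: installs the root CA on the device.
    cert = payload("com.apple.security.root", "rootca", "RADIUS root CA",
                   PayloadContent=root_der)  # bytes are serialized as <data>
    cert["PayloadUUID"] = cert_uuid

    # Wi-Fi payload: the EAP settings reference the certificate payload by UUID
    # and list the server names the client should accept without prompting.
    wifi = payload("com.apple.wifi.managed", "wifi", f"Wi-Fi ({ssid})",
                   SSID_STR=ssid, HIDDEN_NETWORK=False, AutoJoin=True,
                   EncryptionType="WPA2",
                   EAPClientConfiguration={
                       "AcceptEAPTypes": [25],  # 25 = PEAP (assumed EAP type)
                       "TLSTrustedServerNames": list(radius_names),
                       "PayloadCertificateAnchorUUID": [cert_uuid],
                   })

    profile = payload("Configuration", "profile", "Campus Wi-Fi",
                      PayloadContent=[cert, wifi])
    return plistlib.dumps(profile)


if __name__ == "__main__":
    # Constructed placeholder; a real profile needs the DER-encoded root cert.
    placeholder = b"CONSTRUCTED-PLACEHOLDER-NOT-A-REAL-CERTIFICATE"
    data = build_wifi_profile(placeholder, "ExampleCampus", ["radius.example.edu"])
    with open("campus-wifi.mobileconfig", "wb") as fh:
        fh.write(data)
```

Replace the placeholder with the DER bytes of the chain's root certificate and the names with the subject names on the NPS server certificate.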
Current thread:
- Apple Devices not trusting Comodo SSL Certificate on initial Wireless Connection Jim Williams Jr (Oct 18)
- Re: Apple Devices not trusting Comodo SSL Certificate on initial Wireless Connection Francisco Chavez (Oct 18)
- <Possible follow-ups>
- Re: Apple Devices not trusting Comodo SSL Certificate on initial Wireless Connection Jim Williams Jr (Oct 18)
- Re: Apple Devices not trusting Comodo SSL Certificate on initial Wireless Connection Rich Graves (Oct 18)
- Re: Apple Devices not trusting Comodo SSL Certificate on initial Wireless Connection Ted Pham (Oct 18)