Educause Security Discussion mailing list archives

Apple Devices not trusting Comodo SSL Certificate on initial Wireless Connection


From: Jim Williams Jr <Jim.Williams () PCT EDU>
Date: Wed, 18 Oct 2017 17:18:32 +0000

Hello, everyone, I am on my last straw and I was hoping that someone here might have some information to help.

We have a Cisco Wireless infrastructure with a central management server.  That system is using Microsoft NPS servers 
for their RADIUS authentication of WPA2 Enterprise.  We have purchased a cert from Comodo, and the root cert of the 
chain is listed as a trusted cert on the Apple list of trusted certs.  The problem is that at first connect to the 
wireless all Apple devices prompt you to use the "not trusted" certificate even though it is a trusted cert.  We would 
like to keep this from prompting users as it is confusing, and doesn't reflect a good image of our security posture.

I have done a lot of research on the matter, and the conclusion that I have reached is that there is no way to stop 
this behavior besides preloading the root cert of the chain into an Apple device profile.  I have tested this and it 
does work.  This isn't exactly the solution that we are looking for though.  This would require all new users to 
somehow acquire the root certificate and install, and that would require instruction and distribution of that key.

If there is nothing that can be done, we will work around the issue.  Has anyone here on the forum run into a 
similar issue, and might you be able to offer some insight on a solution to the problem?

James Williams, MPS
Pennsylvania College of Technology
Manager of IT Security | Information Technology Services
Jim.Williams () pct edu


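The device-profile workaround mentioned in the message, sketched as an added example that is not part of the original post: a script that builds a .mobileconfig carrying the root CA and a Wi-Fi payload that anchors trust to it. The SSID, RADIUS server name, identifiers and PEAP (EAP type 25) are assumptions, and the certificate bytes are a constructed placeholder.

```python
import plistlib
import uuid


def build_wifi_profile(ssid, root_ca_der, radius_names, org_id="edu.example"):
    """Return .mobileconfig bytes that pin RADIUS server trust for one SSID."""
    if not radius_names:
        # The CA anchor alone would accept any server cert issued under that
        # root, so the expected RADIUS server names are required as well.
        raise ValueError("at least one trusted RADIUS server name is required")
    cert_uuid = str(uuid.uuid4()).upper()
    # Certificate payload: the root CA (DER) at the top of the RADIUS chain.
    cert_payload = {
        "PayloadType": "com.apple.security.root",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.wifi.rootca",  # hypothetical identifier
        "PayloadUUID": cert_uuid,
        "PayloadDisplayName": "RADIUS root CA",
        "PayloadContent": root_ca_der,
    }
    # Wi-Fi payload: references the certificate payload by UUID and lists the
    # server names the supplicant may accept during the EAP-TLS handshake.
    wifi_payload = {
        "PayloadType": "com.apple.wifi.managed",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.wifi.network",  # hypothetical identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": f"{ssid} (WPA2 Enterprise)",
        "SSID_STR": ssid,
        "HIDDEN_NETWORK": False,
        "AutoJoin": True,
        "EncryptionType": "WPA2",
        "EAPClientConfiguration": {
            "AcceptEAPTypes": [25],  # 25 = PEAP, assumed for the NPS setup
            "PayloadCertificateAnchorUUID": [cert_uuid],
            "TLSTrustedServerNames": list(radius_names),
        },
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": f"{org_id}.wifi",  # hypothetical identifier
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadDisplayName": f"{ssid} Wi-Fi",
        "PayloadContent": [cert_payload, wifi_payload],
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


# Constructed placeholder bytes, not a real certificate.
SAMPLE_DER = b"0\x82\x00\x00-placeholder-root-ca-der"
SAMPLE_PROFILE = build_wifi_profile("Campus-Secure", SAMPLE_DER, ["radius.example.edu"])
```
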

