Hi Heikki, Thank you for your comments - indeed it appears that the only way to avoid the "Not verified" certificate message is to provision the device with a mobileconfig profile.
Best, Mike On Thursday, February 9, 2012 at 3:55 PM, Heikki Vatiainen wrote: > On 02/09/2012 03:08 PM, Mike Puchol wrote: > > Hello Mike, > > > I'm testing EAP-PEAP with an iPad running iOS5.1, and even though I'm > > using an SSL certificate from Digicert, signed using SHA-1, and Digicert > > being on the list of trusted CAs by iOS (I even checked the serial > > number, which is good), I get the following on the iPad's debug console: > > > > > I get the following certificate dialog when joining a WPA-Enterprise > network for the first time: > > Certificate > *cn.from.certificate* (e.g. radius.example.com (http://radius.example.com)) > thawte Primary Root CA > > *red*Not Verified*red* button:Accept > > Description: Client Authentication > Expires: 27.11.2013 1.59.59 > > More details > > > > The root CA is from thawte, as seen above, and Radiator sends full > certificate chain linking the root via the intermediary CAs to > radius.example.com (http://radius.example.com)'s certificate. > > So the root CA is known by iOS, certificate chain is complete and > everything is good. However, it still displays the red 'Not Verified' > and Accept button. Once Accept is chosen, the dialog does not come back > when rejoining the network. > > The only way to get rid of all dialogs has been to use the configuration > utility and create a profile. > > Note: there was no 'Add certificate', 'bad certificate' or red button. > If you see those, maybe the certifiate chain RADIUS server sends is not > complete. It does display 'Not verified', though, when not configured > with external profile. > > Heikki
_______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
