subject:"Re\: \[WIRELESS\-LAN\] macOS Sierra and 802.1X certificate storage\/validation"

Re: [WIRELESS-LAN] macOS Sierra and 802.1X certificate storage/validation

2017-05-16 Thread Julian Y Koh

All fixed in 10.12.5, thanks to Tim for filing the bug report with Apple! 

:

===
> 802.1X
> Available for: macOS Sierra 10.12.4
> Impact: A malicious network with 802.1X authentication may be able to capture 
> user network credentials
> Description: A certificate validation issue existed in EAP-TLS when a 
> certificate changed. This issue was addressed through improved certificate 
> validation.
> CVE-2017-6988: Tim Cappalli of Aruba, a Hewlett Packard Enterprise company
==


-- 
Julian Y. Koh
Associate Director, Telecommunications and Network Services
Northwestern Information Technology

2001 Sheridan Road #G-166
Evanston, IL 60208
+1-847-467-5780
Northwestern IT Web Site: 
PGP Public Key: 



> On Mar 28, 2017, at 14:35, Cappalli, Tim (Aruba)  wrote:
> 
> As of 10.12.3, it does not seem to be prompting users to store the 
> certificate anymore. Still trying to track down what changed.
> 
> 
> 
> On 3/28/17, 3:27 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
> on behalf of Julian Y Koh"  kohs...@northwestern.edu> wrote:
> 
>Hey all,
> 
>My Google-fu is weak today.  Can anyone tell me where macOS Sierra 
> (10.12.x) stores the certificate used for wireless 802.1X EAP-PEAP 
> connections?  In older versions of the OS, these were stored nicely in the 
> Keychain, but they don’t seem to be there anymore.
> 
>We’re in the process of renewing the certificate on our RADIUS server, and 
> our fuzzy 3-year old memories are telling us that the Macs used to prompt 
> people again to accept the new certificate, but that doesn’t seem to be 
> happening now either.  So all in all I’m a little confused.  :)
> 
>Thanks in advance!
> 
>-- 
>Julian Y. Koh
>Associate Director, Telecommunications and Network Services
>Northwestern Information Technology
> 
>2001 Sheridan Road #G-166
>Evanston, IL 60208
>+1-847-467-5780
>Northwestern IT Web Site: 
>PGP Public Key: 
> 
> 
>**
>Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at 
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss=DwIGaQ=yHlS04HhBraes5BQ9ueu5zKhE7rtNXt_d012z2PA6ws=ITCdJ8r7Mvmi4B5IfM-uUxBCe5N77i8k9OcsASk91Zg=ERaN25tueHepduqA5F6d0VOKN62NCdg7vngfRxToX8g=AYCkHalzoB5Xo6HrWo2peozbx2E35qV1FNM0nxZfg1k=
>  .
> 
> 
> 
> 
> **
> Participation and subscription information for this EDUCAUSE Constituent 
> Group discussion list can be found at 
> https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_discuss=DwIGaQ=yHlS04HhBraes5BQ9ueu5zKhE7rtNXt_d012z2PA6ws=ITCdJ8r7Mvmi4B5IfM-uUxBCe5N77i8k9OcsASk91Zg=ERaN25tueHepduqA5F6d0VOKN62NCdg7vngfRxToX8g=AYCkHalzoB5Xo6HrWo2peozbx2E35qV1FNM0nxZfg1k=
>  .
> 



**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] macOS Sierra and 802.1X certificate storage/validation

2017-03-28 Thread Cappalli, Tim (Aruba)

As of 10.12.3, it does not seem to be prompting users to store the certificate 
anymore. Still trying to track down what changed.



On 3/28/17, 3:27 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv 
on behalf of Julian Y Koh"  wrote:

Hey all,

My Google-fu is weak today.  Can anyone tell me where macOS Sierra 
(10.12.x) stores the certificate used for wireless 802.1X EAP-PEAP connections? 
 In older versions of the OS, these were stored nicely in the Keychain, but 
they don’t seem to be there anymore.

We’re in the process of renewing the certificate on our RADIUS server, and 
our fuzzy 3-year old memories are telling us that the Macs used to prompt 
people again to accept the new certificate, but that doesn’t seem to be 
happening now either.  So all in all I’m a little confused.  :)

Thanks in advance!

-- 
Julian Y. Koh
Associate Director, Telecommunications and Network Services
Northwestern Information Technology

2001 Sheridan Road #G-166
Evanston, IL 60208
+1-847-467-5780
Northwestern IT Web Site: 
PGP Public Key: 


**
Participation and subscription information for this EDUCAUSE Constituent 
Group discussion list can be found at http://www.educause.edu/discuss.




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: [WIRELESS-LAN] macOS Sierra and 802.1X certificate storage/validation

Re: [WIRELESS-LAN] macOS Sierra and 802.1X certificate storage/validation

2 matches

Site Navigation

Mail list logo

Footer information