As of 10.12.3, it does not seem to be prompting users to store the certificate anymore. Still trying to track down what changed.
On 3/28/17, 3:27 PM, "The EDUCAUSE Wireless Issues Constituent Group Listserv on behalf of Julian Y Koh" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU on behalf of kohs...@northwestern.edu> wrote: Hey all, My Google-fu is weak today. Can anyone tell me where macOS Sierra (10.12.x) stores the certificate used for wireless 802.1X EAP-PEAP connections? In older versions of the OS, these were stored nicely in the Keychain, but they don’t seem to be there anymore. We’re in the process of renewing the certificate on our RADIUS server, and our fuzzy 3-year old memories are telling us that the Macs used to prompt people again to accept the new certificate, but that doesn’t seem to be happening now either. So all in all I’m a little confused. :) Thanks in advance! -- Julian Y. Koh Associate Director, Telecommunications and Network Services Northwestern Information Technology 2001 Sheridan Road #G-166 Evanston, IL 60208 +1-847-467-5780 Northwestern IT Web Site: <http://www.it.northwestern.edu/> PGP Public Key: <https://bt.ittns.northwestern.edu/julian/pgppubkey.html> ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss. ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.