Because Macs and iPhones allow you to manually verify the certificate hash, which is easier and equally secure to a supplicant utility, so we also support that avenue for configuration. However, if you don't have a public-CA-signed certificate, they display the words "Not Trusted" in red bold letters during the certificate verification process.
On Tue, Jul 31, 2018 at 5:30 PM Cappalli, Tim (Aruba Security) <t...@hpe.com> wrote: > Just curious, for those running a supplicant configuration utility, why > are you using a public CA-signed EAP server certificate? > > > On 7/31/18, 4:21 PM, "The EDUCAUSE Wireless Issues Constituent Group > Listserv on behalf of Charles Rumford" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > on behalf of charl...@isc.upenn.edu> wrote: > > On 07/31/2018 04:18 PM, Michael Dickson wrote: > > Hi Charles, > > > > > > What do you mean by "we ended up configuring all of the intermediate > certs"? Do > > you mean you are now pushing all certs down to the client during the > JoinNow > > process? > > Yes. We ended up, just for Windows, pushing all of certs down to the > clients. It > was the only way we could get the profile to work. > > > > > > > We are also running EAP-TTLS/PAP with JoinNow with a cross-signed > double > > intermediate cert. I haven't heard of any issues yet but want to get > in front of > > any that might crop up.. > > > > > > Thanks, > > Mike > > > > Michael Dickson > > Network Engineer > > Information Technology > > University of Massachusetts Amherst > > 413-545-9639 <(413)%20545-9639> > > michael.dick...@umass.edu > > PGP: 0x16777D39 > > > > > > > > > -------------------------------------------------------------------------------- > > *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv > > <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Charles Rumford > > <charl...@isc.upenn.edu> > > *Sent:* Tuesday, July 31, 2018 12:24 PM > > *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > > *Subject:* Re: [WIRELESS-LAN] Issues with Windows 10 > > > > On 07/30/2018 01:09 PM, Turner, Ryan H wrote: > >> From SecureW2: > >> > >> The issue is noticed when the RADIUS server cert is signed by > AddTrust External CA Root (Cross signed by USERTrust RSA Certification > Authority) and with the recent windows 10 update. We are looking into this > and should be able to provide you an update. > >> > > > > We ended up configuring all of the intermediate certs, and it solved > the problem. > > > > > > -- > > Charles Rumford > > Senior Network Engineer > > ISC Tech Services > > University of Pennsylvania > > OpenPGP Key ID: 0x173F5F3A (2018/07/05) > > > > > > ********** > > Participation and subscription information for this EDUCAUSE > Constituent Group > > discussion list can be found at http://www.educause.edu/discuss. > > > > ********** Participation and subscription information for this > EDUCAUSE > > Constituent Group discussion list can be found at > http://www.educause.edu/discuss. > > > > > -- > Charles Rumford > Senior Network Engineer > ISC Tech Services > University of Pennsylvania > OpenPGP Key ID: 0x173F5F3A (2018/07/05) > > ********** > Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at > http://www.educause.edu/discuss. > > > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/discuss. > > -- -- Hunter Fuller Network Engineer VBH Annex B-5 +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Systems and Infrastructure ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/discuss.