iOS doesn't trust server certificate signed by intermediate issuer

Alan DeKok aland at deployingradius.com
Fri Dec 4 14:58:37 CET 2020


On Dec 4, 2020, at 3:59 AM, Hans-Christian Esperer <hc at hcesperer.org> wrote:
> 
> On Thu, Dec 03, 2020 at 04:22:52PM -0500, Alan DeKok wrote:
>>  For security, iOS doesn't trust *any* certificate.  All 802.1X clients should behave this way.  But Android doesn't, likely for ease of use.  Which means it's relatively easy to do nothing, and have your credentials go to a random server.
> 
> Hmm, I was at a coworking space some time ago and they had an EAP/PEAP secured
> network there. Just out of curiosity I tried to log in with my macbook (latest
> mac os) and to my surprise I did *not* get a certificate warning. I concluded
> that for probably a bit more money you could get certificates that are accepted
> by default by supplicants, but I didn't check further. Could this be so?

  I've never heard of that.  I doubt that OSX works that way.

  What perhaps happened is that the cert was from a CA you already trusted?

  Alan DeKok.




More information about the Freeradius-Users mailing list