It was my understanding the TLS certificate "825 day" and now "~390 day" requirement was for safari only, not for the .1x supplicant On Wed, Feb 26, 2020 at 11:58 AM Alan DeKok <aland@deployingradius.com> wrote:
If people are having issues with iOS and OSX getting online, you should check out Apples new guidelines:
https://support.apple.com/en-ca/HT210176
Even if your certificates meet those criteria, they *might* still be rejected. If so, you should do some tests with the "example.com" certificates that the server builds in raddb/certs. Use a test machine (not the production RADIUS server!) and figure out if the certificates are accepted by iOS.
If so, then you may have to get new production certificates which more closely match the test ones.
iOS and OSX are "black boxes", and do NOT give useful information as to why they rejected the certificate. If they did, it would be a simple matter to fix the offending field.
Instead, Apple punishes everyone for their own laziness. :(
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Munroe Sollog Senior Network Engineer munroe@lehigh.edu