iOS doesn't trust server certificate signed by intermediate issuer

Igor Sousa igorvolt at
Thu Dec 3 22:01:08 CET 2020

My institution generated our server certificate by GlobalSign, but we
received a server certificate signed by an intermediate issuer, an
intermediate issuer. We receveid the server, intermediate and root
certificates files.

I created a bundle with intermediate and root certificates, in this order
an. I configured the /etc/freeradius/mods-enabled/eap as below:
private_key_file = <path for server private key that I created>
certificate_file = <new path for server.pem received from GlobalSign>
ca_file = <path to ca.bundle obtained by cat intermediate.pem >> ca.bundle
and cat root.pem >> ca.bundle>

I run freeradius service with no issues as well as Android validates server
certificate. When I tested the iOS connection the device showed me the
server certificate as Not Trusted. I verified server certificate
information and it is correct. If I click on the Trust button on the device
screen, I can authenticate on Freeradius server with no issues.

Is this behavior right? Doesn't iOS trust in server certificate signed by
an intermediate chain?

Igor Sousa

More information about the Freeradius-Users mailing list