iOS doesn't trust server certificate signed by intermediate issuer
hc at hcesperer.org
Fri Dec 4 16:33:57 CET 2020
On Fri, Dec 04, 2020 at 08:58:37AM -0500, Alan DeKok wrote:
> On Dec 4, 2020, at 3:59 AM, Hans-Christian Esperer <hc at hcesperer.org> wrote:
> > On Thu, Dec 03, 2020 at 04:22:52PM -0500, Alan DeKok wrote:
> >> For security, iOS doesn't trust *any* certificate. All 802.1X clients should behave this way. But Android doesn't, likely for ease of use. Which means it's relatively easy to do nothing, and have your credentials go to a random server.
> > Hmm, I was at a coworking space some time ago and they had an EAP/PEAP secured
> > network there. Just out of curiosity I tried to log in with my macbook (latest
> > mac os) and to my surprise I did *not* get a certificate warning. I concluded
> > that for probably a bit more money you could get certificates that are accepted
> > by default by supplicants, but I didn't check further. Could this be so?
> I've never heard of that. I doubt that OSX works that way.
> What perhaps happened is that the cert was from a CA you already trusted?
I do have my own CAs on trust, but I am certain that this network wasn't run by
me and they didn't use any of my certificates.
Unfortunately I don't have the certificate handy right now, so I cannot say
anything else about this at this time. When I get a chance to go to that colab
space again I'll check it.
More information about the Freeradius-Users