iOS and OSX issues
Munroe Sollog
mus3 at lehigh.edu
Wed Feb 26 19:25:38 CET 2020
It was my understanding the TLS certificate "825 day" and now "~390 day"
requirement was for safari only, not for the .1x supplicant
On Wed, Feb 26, 2020 at 11:58 AM Alan DeKok <aland at deployingradius.com>
wrote:
> If people are having issues with iOS and OSX getting online, you should
> check out Apples new guidelines:
>
> https://support.apple.com/en-ca/HT210176
>
> Even if your certificates meet those criteria, they *might* still be
> rejected. If so, you should do some tests with the "example.com"
> certificates that the server builds in raddb/certs. Use a test machine
> (not the production RADIUS server!) and figure out if the certificates are
> accepted by iOS.
>
> If so, then you may have to get new production certificates which more
> closely match the test ones.
>
> iOS and OSX are "black boxes", and do NOT give useful information as to
> why they rejected the certificate. If they did, it would be a simple
> matter to fix the offending field.
>
> Instead, Apple punishes everyone for their own laziness. :(
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
--
Munroe Sollog
Senior Network Engineer
munroe at lehigh.edu
More information about the Freeradius-Users
mailing list