iOS and OSX issues

Munroe Sollog mus3 at lehigh.edu
Wed Feb 26 19:25:38 CET 2020


It was my understanding the TLS certificate "825 day" and now "~390 day"
requirement was for safari only, not for the .1x supplicant

On Wed, Feb 26, 2020 at 11:58 AM Alan DeKok <aland at deployingradius.com>
wrote:

>   If people are having issues with iOS and OSX getting online, you should
> check out Apples new guidelines:
>
> https://support.apple.com/en-ca/HT210176
>
>   Even if your certificates meet those criteria, they *might* still be
> rejected.  If so, you should do some tests with the "example.com"
> certificates that the server builds in raddb/certs.  Use a test machine
> (not the production RADIUS server!)  and figure out if the certificates are
> accepted by iOS.
>
>   If so, then you may have to get new production certificates which more
> closely match the test ones.
>
>   iOS and OSX are "black boxes", and do NOT give useful information as to
> why they rejected the certificate.  If they did, it would be a simple
> matter to fix the offending field.
>
>   Instead, Apple punishes everyone for their own laziness.  :(
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html



-- 
Munroe Sollog
Senior Network Engineer
munroe at lehigh.edu


More information about the Freeradius-Users mailing list