iOS and OSX issues

Munroe Sollog mus3 at
Wed Feb 26 19:25:38 CET 2020

It was my understanding the TLS certificate "825 day" and now "~390 day"
requirement was for safari only, not for the .1x supplicant

On Wed, Feb 26, 2020 at 11:58 AM Alan DeKok <aland at>

>   If people are having issues with iOS and OSX getting online, you should
> check out Apples new guidelines:
>   Even if your certificates meet those criteria, they *might* still be
> rejected.  If so, you should do some tests with the ""
> certificates that the server builds in raddb/certs.  Use a test machine
> (not the production RADIUS server!)  and figure out if the certificates are
> accepted by iOS.
>   If so, then you may have to get new production certificates which more
> closely match the test ones.
>   iOS and OSX are "black boxes", and do NOT give useful information as to
> why they rejected the certificate.  If they did, it would be a simple
> matter to fix the offending field.
>   Instead, Apple punishes everyone for their own laziness.  :(
>   Alan DeKok.
> -
> List info/subscribe/unsubscribe? See

Munroe Sollog
Senior Network Engineer
munroe at

More information about the Freeradius-Users mailing list