IOS 11 -> WPA2 Wifi radius.meraki.com godaddy certificate not trusted

IngramLeedy
Here to help

IOS 11 -> WPA2 Wifi radius.meraki.com godaddy certificate not trusted

IOS 11 users are unable to connect to Wifi WPA2. Users receive error about radius.meraki.com certificate issued by GoDaddy is not trusted. If you trust the certificate, it ignore, and will not connect and prompt again when re-connecting.

 

Is it possible that Meraki is not sending the intermediate certificates?

6 REPLIES 6
STS
Conversationalist

We just opened a support case about this. Apple devices with iOS 11 and High Sierra no longer support security certificates signed with SHA-1 algorithms.

It seems the certificate for Meraki's Radius Server (radius.meraki.com) is signed with a GoDaddy SHA-1 with RSA Encryption ( 1.2.840.113549.1.1.5 ). This is causing all iOS 11 and High Sierra devices that use Wifi to fail connecting to Meraki APs.

Apple Article
https://support.apple.com/en-us/HT207459

Interesting information. I haven't made any process with Meraki support. The latest they want me to contact Apple.  

 

Have you made any progress?   

 

It seem as they need to re-issue the certificate for radius.meraki.com with SHA-256.

 

After reading you message, I found this article that I found helpful about SHA1 depreciation. 

https://blog.qualys.com/ssllabs/2014/09/09/sha1-deprecation-what-you-need-to-know

 

 

 

MRCUR
Kind of a big deal

@IngramLeedy The GoDaddy cert they're using expires in about a month, so I expect this will be resolved then when it's renewed. 

MRCUR | CMNO #12

Based on the feedback from Meraki Support, the certificate is renewed. I'm not able to test it. Can anyone confirm it?

Does the iPhone connect automatically again or is some user interaction required? If yes, what?

This issue seemed to resolve. We tested about a week ago and it continues to connect successful today.

seems to be intermittent. on the apple side.

any plans on updating the certificate to something more secure that they still support?

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels