Hello,
we have setup Wifi Encryption 802.1X with custom RADIUS (Windows Server 2016 RADIUS NPS) with your instruction:
We have the following isse:
Warning on mobile devices (iOS): untrustworthy connection (text in red color)
The certificate must be trusted manually to connect the mobile device to the Wifi ssid.
Beacuse of that warning we have bought a trusted certificate.
Please tell me asap in which way this warning "untrustworthy connection" can be solved. Does anyone have the same scenario and issue?
Thank you!
Regards
P. Bruder
Were you succesful in the installing of your bought certificate in NPS?
And selecting it during step 8 of the NPS policy validation?
"8. Click Configure to review the Edit Protected EAP Properties. The server certificate should be in the Certificate issued drop down. "
Yes, the bought certificate is successfully installed on the Windows Server 2016 and the setup in NPS Policy is done also.
We have also checked these settings with service provider for these new WLAN solution and found no error in configuration.
On Windows 10 Notebooks these new bought certificate does work fine. These Notebooks are not in Domain and the authentification to the WLAN is done by Domaincredentials.
Without the bought certificate these client had not connection to the WLAN.
Do you have more tips?
I've been reading up about it a bit and it seems like the default behavior of iOS is to not validate it through the (trusted) root CA. So the users will manually have to accept the certificate the first time they connect. The recommendation given in most things I read is to use your MDM solution or apple configurator to push the certificates so they don't have to manually trust the certificate.
Source:
We have this issue when using RADIUS through Windows Servers or macOS servers.
Devices pop up saying the certificate is untrusted even when the chain it presents is trusted
That means user has to acept a untrusted connection, because these are private iOS device not all from our company?
Because of that these devices are not manageable via MDM or other tools.
As of yet we've not been able to work our way round this - we've not extensively tried to be fair. But we have legitimate certificates and they are installed correctly and show as trusted