WiFi Encryption 802.1X with custom RADIUS (Windows Server 2016 RADIUS NPS): Warning on mobile device

pbruder
New here

WiFi Encryption 802.1X with custom RADIUS (Windows Server 2016 RADIUS NPS): Warning on mobile device

Hello,

we have setup Wifi Encryption 802.1X with custom RADIUS (Windows Server 2016 RADIUS NPS) with your instruction:

https://documentation.meraki.com/MR/Encryption_and_Authentication/Configuring_RADIUS_Authentication_...

 

We have the following isse:

Warning on mobile devices (iOS): untrustworthy connection (text in red color)


The certificate must be trusted manually to connect the mobile device to the Wifi ssid.


Beacuse of that warning we have bought a trusted certificate.

 

Please tell me asap in which way this warning "untrustworthy connection" can be solved. Does anyone have the same scenario and issue?

 

Thank you!

 

Regards

P. Bruder

6 Replies 6
BrechtSchamp
Kind of a big deal

Were you succesful in the installing of your bought certificate in NPS?

https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc...

 

And selecting it during step 8 of the NPS policy validation?

"8. Click Configure to review the Edit Protected EAP Properties. The server certificate should be in the Certificate issued drop down. "

pbruder
New here

Yes, the bought certificate is successfully installed on the Windows Server 2016 and the setup in NPS Policy is done also.
We have also checked these settings with service provider for these new WLAN solution and found no error in configuration.

 

On Windows 10 Notebooks these new bought certificate does work fine. These Notebooks are not in Domain and the authentification to the WLAN is done by Domaincredentials.
Without the bought certificate these client had not connection to the WLAN.

 

Do you have more tips?

BrechtSchamp
Kind of a big deal

I've been reading up about it a bit and it seems like the default behavior of iOS is to not validate it through the (trusted) root CA. So the users will manually have to accept the certificate the first time they connect. The recommendation given in most things I read is to use your MDM solution or apple configurator to push the certificates so they don't have to manually trust the certificate.

 

2019-03-11 09_02_49-Enterprise Best Practices for iOS devices and Mac computers on Cisco Wireless LA.png

Source:

https://www.cisco.com/c/dam/en/us/td/docs/wireless/controller/technotes/8-6/Enterprise_Best_Practice...

Nick
Head in the Cloud

We have this issue when using RADIUS through Windows Servers or macOS servers. 

 

Devices pop up saying the certificate is untrusted even when the chain it presents is trusted

pbruder
New here

That means user has to acept a untrusted connection, because these are private iOS device not all from our company?

Because of that these devices are not manageable via MDM or other tools.


Wifi Connection Not Trusted.png

 

 

Nick
Head in the Cloud

As of yet we've not been able to work our way round this - we've not extensively tried to be fair. But we have legitimate certificates and they are installed correctly and show as trusted

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels