I’ve deployed some Radius servers (Windows Server 2012 R2 with NPS). They use PEAP-MSCHAP-V2 for authentication with a SAN Go Daddy Certificate. They are deployed in order to handle Wi-Fi connections.
The certificate works with all my devices Windows, Android but when I try to authenticate with an iPhone (iPhone 6s Plus, iOS 10), it says that the certificate of the server is “Not safe”/“Not verified” and I have to acknowledge it before attempting to connect. Then the authentication works but I would like my colleagues to be able to authenticate with their iPhone without acknowledging this certificate.
Firstly, I thought that the certificate was faulty but as I said it works with all my other devices. Moreover, I’ve checked the certificate itself and the common name, the DNS and all the relative data are correct.
I know that it is possible to import certificates in iPhone but GoDaddy! is a "Trusted Root Certification Authority" so i shouldn't have to do anything.
Is there any reason why why an iPhone wouldn't trust a GoDaddy! certificate?
P.S.: I’ve tested with an other iPhone (iPhone 6s, iOS 10) and it doesn’t work on that one either.