3
Every time connecting to the secure wireless, Macs are getting a prompt to verify the certificate:
Verify Certificate
Authenticating to network "Network-Name"
Before authenticating to server "ServerName", you should examine the server's certificate to ensure that it is appropriate for this network.
To view the certificate click 'Show Certificate'.
Screenshot below; some names redacted.
This is happening on multiple Macs, every time they reconnect to the wireless. I thought it was a cert trust issue, but selecting "Always trust" does not have any effect. Also the cert is signed by DigiCert.
This seems to be a problem on OS 10.11, but I haven't confirmed that previous OSes are able to actually trust the cert. Other OSes are not having this problem.
How can I permanently trust this cert so it remembers it next time I connect? What could be causing this?
More info from Network Preferences:
- 802.1X: Default
- Authenticated via EAP-PEAP (MSCHAPv2)
- WPA2 Enterprise
- Network is remembered to automatically join
After further investigation, it looks like the intermediate cert is not installed, so it's not trusted for some reason. – Yanzzee – 2016-02-19T04:46:16.087
@ Yanzzee what did you do to fix this issue? – Dennis Haarbrink – 2017-03-24T06:58:28.970
1It's been a while since I've looked at this, but as far as I know we had to install the Digicert intermediate cert into the freeradius server for clients to trust it. – Yanzzee – 2017-03-27T18:21:57.873
It does seem that macOS High Sierra has solved this issue, about macOS forgetting that you've trusted certificates. – Tim Visee – 2017-12-06T14:19:16.703