802.1X eap-tls radius server certificate

Question

Level 1

4 points

802.1X eap-tls radius server certificate

Hi all,

i see this question was asked several times but the final answer is still not clear to me. My environment is the following:

802.1X with eap-tls authentication SSID;
trying to connect iOS devices only;
no chance, by now, to use any MDM.

i manually provide and install user certificate to the device and configure it as identity for the SSID, this is a certificate chain that embeds the same root CA cert that signed our radius server certificate but when i connect to the SSID the first time, the device asks me to "authorize" it (if i do, i can correctly connect ti the SSID).

Is there a way to "pre-authorize" this certificate ? Also, our radius server certificate expires every two years, what happens to users when this will be changed? they will be again asked to authorize it? what if i keep same subject for new certificate?

Thanks in advance

Posted on Oct 12, 2023 1:51 AM

Reply

Answer 1

celliott147

Level 6

12,582 points

Oct 19, 2023 7:58 AM in response to alessandro_s

You cannot pre-authorize certificates without MDM. This is for user security.

Reply

Answer 2

Carol B.

Level 6

17,837 points

Oct 19, 2023 6:03 AM in response to alessandro_s

For a better chance of an answer, please contact Apple Support directly by selecting Support at the top or bottom of the screen. Or, you can set up a time to discuss this with Apple, using the Genius Bar.

Genius Bar Reservation and Apple Support Options - Apple

Reply

802.1X eap-tls radius server certificate

Similar questions