bigdog5200
Level 1 (0 points)

Q: Can't accept certificate

I have a new iPhone 6 with IOS 8.  I need to use a use a certificate to configure my WIFI at work.  I create a new network, using WPA2 Enterprise, the mode is set to EAP-TLS.  When I join, it prompts me with my certificate, When I try to install the certificate, I get the accept button, however, it when I press on the accept button, nothing happens.

Posted on Sep 25, 2014 6:57 AM

Close
bigdog5200

Q: Can't accept certificate

  • All replies
  • Helpful answers

  • by gdgmacguy,

    gdgmacguy gdgmacguy Sep 25, 2014 7:31 AM in response to bigdog5200
    Level 7 (21,104 points)
    iPhone
    Sep 25, 2014 7:31 AM in response to bigdog5200

    What did your IT department say?

  • by bigdog5200,

    bigdog5200 bigdog5200 Sep 25, 2014 9:24 AM in response to gdgmacguy
    Level 1 (0 points)
    Sep 25, 2014 9:24 AM in response to gdgmacguy

    My IT department was not able to provide any assistance with this problem.  I had this working with an iPhone 5 and IOS 7.  There was no change to the network configuration in my office.  I believe the problem is with IOS, and not my network.

  • by wifigood,

    wifigood wifigood Sep 26, 2014 9:20 AM in response to bigdog5200
    Level 1 (0 points)
    Sep 26, 2014 9:20 AM in response to bigdog5200

    iOS 8 is more strict about the configuration of RADIUS server trust in iOS 8 than in iOS 7. In iOS 7, it was possible to create a Wifi configuration profile that sets trust to the RADIUS server improperly. In that case, the user could manually join the network and get prompted to trust the RADIUS server certificate. In iOS 8, if using a configuration profile to configure WiFi, you must configure trust to the RADIUS server properly. Apple has a knowledge base article which explains how to configure RADIUS server trust when using TLS, TTLS, or PEAP: OS X Server: How To Configure RADIUS Server Trust in Configuration Profiles when using TLS, TTLS, or PEAP

     

    If you don't have a Mac, you can get a WiFi debug logging profile from Apple here: https://developer.apple.com/bug-reporting/ios/wi-fi/

     

    After installing the profile, join the network manually by going to Settings > WiFi > Other. Manually enter the details for the network, including Security and Mode and then join the network. In most cases, it will successfully join and you will be prompted to trust the RADIUS server certificate. Next, follow the instructions in the Apple developer link above to sync the debug logs to the computer. Locate the log files that begin with com.apple.networking.eapol.log. Now, follow the instructions in the Apple kb article to locate the"TLSServerCertificateChain" key and you will see the certificates that are presented by the RADIUS server. Follow the directions in that article to extract those certificates and then add them to your WiFi configuration profile and you'll be in business.

     

    -wifigood