Mac OS X "Verify Certificate" every time connecting to secure wireless
I had this issue with a user at my work and I was able to resolve the issue by removing the Macbook from our domain, deleting the certificate, and then rejoining the Macbook to the domain. After I did that it just asked to verify the cert once and then it was good.
Related videos on Youtube
Yanzzee
Updated on September 18, 2022Comments
-
Yanzzee over 1 year
Every time connecting to the secure wireless, Macs are getting a prompt to verify the certificate:
Verify Certificate
Authenticating to network "Network-Name"
Before authenticating to server "ServerName", you should examine the server's certificate to ensure that it is appropriate for this network.
To view the certificate click 'Show Certificate'.
Screenshot below; some names redacted.
This is happening on multiple Macs, every time they reconnect to the wireless. I thought it was a cert trust issue, but selecting "Always trust" does not have any effect. Also the cert is signed by DigiCert.
This seems to be a problem on OS 10.11, but I haven't confirmed that previous OSes are able to actually trust the cert. Other OSes are not having this problem.
How can I permanently trust this cert so it remembers it next time I connect? What could be causing this?
More info from Network Preferences:
- 802.1X: Default
- Authenticated via EAP-PEAP (MSCHAPv2)
- WPA2 Enterprise
- Network is remembered to automatically join
-
Yanzzee about 8 yearsAfter further investigation, it looks like the intermediate cert is not installed, so it's not trusted for some reason.
-
Dennis Haarbrink about 7 years@ Yanzzee what did you do to fix this issue?
-
Yanzzee about 7 yearsIt's been a while since I've looked at this, but as far as I know we had to install the Digicert intermediate cert into the freeradius server for clients to trust it.
-
Tim Visee over 6 yearsIt does seem that macOS High Sierra has solved this issue, about macOS forgetting that you've trusted certificates.
-
ivan-k over 5 yearsOn High Sierra (10.13.6), removing the certificate and reconnecting did the trick.