Sierra Constantly Prompting for Cert Verification

bsanto
New Contributor II

Hey Guys,

Weird issue here. I'm seeing the issue described here in my environment: https://m.reddit.com/r/sysadmin/comments/52mz6r/apple_sierra_breaks_ssl_w_blank_subject/

Basically, when you connect a Sierra mac to the corporate WPA Enterprsie WiFi, Sierra will always request for you to validate the certificate, even after marking the cert as "Always Trusted." On first connection it gives an error: "This certificate is not valid (empty subject name)" It's an X509 cert.

Subsequent times it doesn't give that error, but always pushes a pop up to verify the certificate. This didn't happen in El Capitan, and I've tried setting up the network connection manually and still get the same outcome.

(I'm on the latest patch of Sierra as well, just to make sure)

Is anyone else seeing this? Anyone found a way to not get the pop up every single time you connect to WiFi?

4 REPLIES 4

BOBW
Contributor II

Hi @bsanto

Just a quick thought, is your time / date / location correct?

bsanto
New Contributor II

@BOBW

So far as I know. Good thing to check regardless. I'll let you know.

Edit: Yup, date/time/location are all correct.

bsanto
New Contributor II

Followup:

I ended up changing the certificate that the RADIUS server was using in the Windows Network Policy Service. When I changed it to a different cert that also identifies the RADIUS server, everything works as expected now.

mm13
New Contributor II

Hey bsanto!

Could you elaborate on your fix, please? We can't tell where an X509 cert is getting pushed from in NPS; but we are experiencing the same issue you've outlined. Any help would be appreciated.