3

Every time connecting to the secure wireless, Macs are getting a prompt to verify the certificate:

Verify Certificate

Authenticating to network "Network-Name"

Before authenticating to server "ServerName", you should examine the server's certificate to ensure that it is appropriate for this network.

To view the certificate click 'Show Certificate'.

Screenshot below; some names redacted.

This is happening on multiple Macs, every time they reconnect to the wireless. I thought it was a cert trust issue, but selecting "Always trust" does not have any effect. Also the cert is signed by DigiCert.

This seems to be a problem on OS 10.11, but I haven't confirmed that previous OSes are able to actually trust the cert. Other OSes are not having this problem.

How can I permanently trust this cert so it remembers it next time I connect? What could be causing this?

More info from Network Preferences:

  • 802.1X: Default
  • Authenticated via EAP-PEAP (MSCHAPv2)
  • WPA2 Enterprise
  • Network is remembered to automatically join

Mac Verify Certificate prompt

Improve this question
4
  • After further investigation, it looks like the intermediate cert is not installed, so it's not trusted for some reason.
    – Yanzzee
    Commented Feb 19, 2016 at 4:46
  • @ Yanzzee what did you do to fix this issue?
    – Dennis Haarbrink
    Commented Mar 24, 2017 at 6:58
  • 1
    It's been a while since I've looked at this, but as far as I know we had to install the Digicert intermediate cert into the freeradius server for clients to trust it.
    – Yanzzee
    Commented Mar 27, 2017 at 18:21
  • It does seem that macOS High Sierra has solved this issue, about macOS forgetting that you've trusted certificates.
    – Tim Visee
    Commented Dec 6, 2017 at 14:19

1 Answer 1

Reset to default
1

I had this issue with a user at my work and I was able to resolve the issue by removing the Macbook from our domain, deleting the certificate, and then rejoining the Macbook to the domain. After I did that it just asked to verify the cert once and then it was good.

Improve this answer
1
  • On High Sierra (10.13.6), removing the certificate and reconnecting did the trick.
    – ivan-k
    Commented Aug 20, 2018 at 16:10

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .