topic Re: Apple Devices not trusting public CA signed cert when connect 802. in Network Access Control https://community.cisco.com/t5/network-access-control/apple-devices-not-trusting-public-ca-signed-cert-when-connect/m-p/5089009#M589242 <P>Sorry can you more elaborate&nbsp;</P> <P>How many PSN you have&nbsp;</P> <P>What is CN and SAN you use in your PSN identity&nbsp; Cert&nbsp;</P> <P>Thanks&nbsp;</P> <P>MHM</P> Fri, 03 May 2024 17:34:26 GMT MHM Cisco World 2024-05-03T17:34:26Z Apple Devices not trusting public CA signed cert when connect 802.1X https://community.cisco.com/t5/network-access-control/apple-devices-not-trusting-public-ca-signed-cert-when-connect/m-p/5088974#M589239 <P>Hello,</P><P>We have installed the public CA signed cert in the ISE nodes.</P><P>this is for BYOD devices which we are not managing so whenever apple devices trying to connect Wi-Fi using 802.1X auth they still need to manually trust the certificate for connection. we don't have the same problem with Android/Windows devices.</P><P>Let me know if you guys have any suggestions.</P><P>Regards,</P><P>Kunal Shah</P> Fri, 03 May 2024 16:34:37 GMT https://community.cisco.com/t5/network-access-control/apple-devices-not-trusting-public-ca-signed-cert-when-connect/m-p/5088974#M589239 kshah2589 2024-05-03T16:34:37Z Re: Apple Devices not trusting public CA signed cert when connect 802. https://community.cisco.com/t5/network-access-control/apple-devices-not-trusting-public-ca-signed-cert-when-connect/m-p/5088979#M589240 <P>&nbsp;</P> <P>&nbsp;- FYI :&nbsp;<A href="https://community.cisco.com/t5/network-access-control/ios-wireless-users-being-prompted-to-trust-public-certificate/m-p/3826323#M474846" target="_blank">https://community.cisco.com/t5/network-access-control/ios-wireless-users-being-prompted-to-trust-public-certificate/m-p/3826323#M474846</A></P> <P>&nbsp;M.</P> Fri, 03 May 2024 16:41:39 GMT https://community.cisco.com/t5/network-access-control/apple-devices-not-trusting-public-ca-signed-cert-when-connect/m-p/5088979#M589240 Mark Elsen 2024-05-03T16:41:39Z Re: Apple Devices not trusting public CA signed cert when connect 802. https://community.cisco.com/t5/network-access-control/apple-devices-not-trusting-public-ca-signed-cert-when-connect/m-p/5089005#M589241 <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1586517">@kshah2589</a> iDevices (iPad's/iPhones) have to manually Trust the certificates for each PSN.</P> <P>Refer to the Cisco Live presentation <A href="https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2024/pdf/BRKSEC-2234.pdf" target="_self">BRKSEC-2234</A></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="RobIngram_1-1714756905849.png" style="width: 653px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/217526i6F747363EF900D38/image-dimensions/653x341?v=v2" width="653" height="341" role="button" title="RobIngram_1-1714756905849.png" alt="RobIngram_1-1714756905849.png" /></span></P> <P>You can resolve this by using a WildSAN or MultiSAN certificate, the same certificate is used by all PSNs for the EAP authentication.</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="RobIngram_0-1714756723763.png" style="width: 666px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/217524i7476A59627A53171/image-dimensions/666x393?v=v2" width="666" height="393" role="button" title="RobIngram_0-1714756723763.png" alt="RobIngram_0-1714756723763.png" /></span></P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="RobIngram_2-1714757250299.png" style="width: 650px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/217527i0840CE9047678C6D/image-dimensions/650x303?v=v2" width="650" height="303" role="button" title="RobIngram_2-1714757250299.png" alt="RobIngram_2-1714757250299.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 03 May 2024 17:28:41 GMT https://community.cisco.com/t5/network-access-control/apple-devices-not-trusting-public-ca-signed-cert-when-connect/m-p/5089005#M589241 Rob Ingram 2024-05-03T17:28:41Z Re: Apple Devices not trusting public CA signed cert when connect 802. https://community.cisco.com/t5/network-access-control/apple-devices-not-trusting-public-ca-signed-cert-when-connect/m-p/5089009#M589242 <P>Sorry can you more elaborate&nbsp;</P> <P>How many PSN you have&nbsp;</P> <P>What is CN and SAN you use in your PSN identity&nbsp; Cert&nbsp;</P> <P>Thanks&nbsp;</P> <P>MHM</P> Fri, 03 May 2024 17:34:26 GMT https://community.cisco.com/t5/network-access-control/apple-devices-not-trusting-public-ca-signed-cert-when-connect/m-p/5089009#M589242 MHM Cisco World 2024-05-03T17:34:26Z Re: Apple Devices not trusting public CA signed cert when connect 802. https://community.cisco.com/t5/network-access-control/apple-devices-not-trusting-public-ca-signed-cert-when-connect/m-p/5089040#M589243 <P>We are using MultiSAN certificate with same certificate installed in both PSN but still getting an error.</P> Fri, 03 May 2024 18:19:09 GMT https://community.cisco.com/t5/network-access-control/apple-devices-not-trusting-public-ca-signed-cert-when-connect/m-p/5089040#M589243 kshah2589 2024-05-03T18:19:09Z Re: Apple Devices not trusting public CA signed cert when connect 802. https://community.cisco.com/t5/network-access-control/apple-devices-not-trusting-public-ca-signed-cert-when-connect/m-p/5089042#M589244 <P>We have 2 PSN in our environment one in east coast and second in west coast , CN = abc.domain.com and SAN1 = abc.domain.com(first PSN) and SAN2 = xyz.domain.com(second PSN)</P> Fri, 03 May 2024 18:21:32 GMT https://community.cisco.com/t5/network-access-control/apple-devices-not-trusting-public-ca-signed-cert-when-connect/m-p/5089042#M589244 kshah2589 2024-05-03T18:21:32Z Re: Apple Devices not trusting public CA signed cert when connect 802. https://community.cisco.com/t5/network-access-control/apple-devices-not-trusting-public-ca-signed-cert-when-connect/m-p/5089146#M589245 <P>OK, can you try this<BR />add new test WLAN and add first PSN only as AAA server and check if the macOS can connect or not.<BR />if it can connect then issue with SAN of Cert&nbsp;</P> <P>MHM</P> Fri, 03 May 2024 19:32:20 GMT https://community.cisco.com/t5/network-access-control/apple-devices-not-trusting-public-ca-signed-cert-when-connect/m-p/5089146#M589245 MHM Cisco World 2024-05-03T19:32:20Z Re: Apple Devices not trusting public CA signed cert when connect 802. https://community.cisco.com/t5/network-access-control/apple-devices-not-trusting-public-ca-signed-cert-when-connect/m-p/5089220#M589246 <P>Thanks for suggestions but Android/Windows doesn't have problem. Do you still want to me test?</P> Fri, 03 May 2024 20:16:38 GMT https://community.cisco.com/t5/network-access-control/apple-devices-not-trusting-public-ca-signed-cert-when-connect/m-p/5089220#M589246 kshah2589 2024-05-03T20:16:38Z