Apple iOS 7 asking to accept wireless certificate multiple times a day

pak chan
Level 1

Hi,

After the users upgrade their iPhones to iOS 7, it asks them to accept the certificate multiple times a day. For some iOS 7 users, it asks about 10 times a day to accept the certificate to join the wireless network. The users are frustrated about the process of using the Wi-Fi network. However, it does not do that in iOS 6.

The environment:

Cisco 5508 - 7.4.100.60

WPA2 Enterprise - Microsoft IAS

I searched the web and didn't find anything related to the issue.

I want to check the forum and see if anyone has the same issue.

32 Replies

jjcool.cisco
Level 1

I'm having the same issue.  I'm on WLC version 7.6.100.0 and have had this problem since the betas of iOS 8.  Android users don't have the problem and I don't really have any iOS users reporting the issue too often, but I certainly have the issue daily on my iPhone 6.  I don't recall ever having the issue on my iPad Mini running iOS 8 as well.  I only have one RADIUS server and it's Microsoft Server 2003 R2.  So there should only be one certificate in question.  I've removed the wireless settings and added them back, rebooted, turned off WiFi and back on, etc.  I haven't tried wiping the phone yet, but don't really want to do that although that may be the solution.  Any help would be greatly appreciated.

We also ran into this issue with Apple devices and a Cisco wireless LAN with a recent version of the WLC software 8.3.x together with Cisco ISE 2.3.x (2 PAN nodes via an external load balancer). It seems that during the day the client is redirected to the other ISE node, which starts a new EAP session and shows a certificate popup for the connected ISE node.

You could add another RADIUS accounting/authentication configuration on the load balancer for the wireless part where the primary ISE node is always the preferred one (active/passive). Configure the WLC to use this new configuration; the existing/other devices can continue to use the original load-balanced configuration.

You should use the same certificate on all ISE nodes that perform EAP authentication to prevent this from happening.

Keep in mind that wildcard certificates are not supported for EAP authentication on Microsoft endpoints; because of this, all FQDNs of the ISE nodes should be included in the cert as SANs. Using the wildcard as a SAN is supported as well.

Please rate useful posts... :-)
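
A check for the two points made in the reply above (the same EAP certificate on every node, and every node FQDN present as a SAN), as an added example that is not part of the original thread. The hostnames, fingerprints and inventory layout are constructed; collecting each node's certificate fingerprint and SAN list is assumed to be done separately.

```python
from collections import defaultdict

def san_covers(san: str, fqdn: str) -> bool:
    """True if one SAN dNSName matches fqdn; '*' stands for exactly one left-most label."""
    san, fqdn = san.lower().rstrip("."), fqdn.lower().rstrip(".")
    if san.startswith("*."):
        head, _, rest = fqdn.partition(".")
        return bool(head) and rest == san[2:]
    return san == fqdn

def audit_eap_certs(nodes: dict) -> list:
    """nodes: {node_fqdn: {"cn": str, "sha256": str, "sans": [str]}} -> list of findings."""
    findings = []
    # 1. Every authentication node should present the same certificate; a client
    #    that lands on a node with a different one gets a new trust prompt.
    by_fp = defaultdict(list)
    for fqdn, cert in nodes.items():
        by_fp[cert["sha256"].lower()].append(fqdn)
    if len(by_fp) > 1:
        groups = " | ".join(", ".join(sorted(g)) for g in by_fp.values())
        findings.append(f"MISMATCH: {len(by_fp)} different EAP certificates ({groups})")
    for fqdn, cert in nodes.items():
        # 2. Per the reply: a wildcard subject CN is a problem for Microsoft endpoints.
        if cert["cn"].startswith("*"):
            findings.append(f"WILDCARD_CN: {fqdn} presents subject CN {cert['cn']}")
        # 3. Each certificate must list every node FQDN (or a matching wildcard) as a SAN.
        missing = [n for n in nodes if not any(san_covers(s, n) for s in cert["sans"])]
        if missing:
            findings.append(f"SAN_GAP: cert on {fqdn} lacks {', '.join(sorted(missing))}")
    return findings

# Constructed inventory: hypothetical hostnames, placeholder fingerprints.
BEFORE = {  # one certificate per node, each naming only itself
    "ise1.example.net": {"cn": "ise1.example.net", "sha256": "aa11", "sans": ["ise1.example.net"]},
    "ise2.example.net": {"cn": "ise2.example.net", "sha256": "bb22", "sans": ["ise2.example.net"]},
}
SHARED = {"cn": "eap.example.net", "sha256": "cc33",
          "sans": ["ise1.example.net", "ise2.example.net"]}
AFTER = {"ise1.example.net": SHARED, "ise2.example.net": SHARED}  # same cert everywhere

if __name__ == "__main__":
    for label, inventory in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_eap_certs(inventory) or "no findings")
```
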
