Whenever a new clients login using SSID Green,using cisco WLC 4404, there is a prompt saying certificate is not valid. No doubt, clients can connect once they accept the certificate. Is there anyway I can remove this prompt? We have ACS doing authentication.The certificate is signed by authorized bodies? Please advice
I have indeed.
Pushing the profile can happen a few ways. If you use ISE you can push a profile in auto enrollment. Whereby you create the wireless profile (SSID, Security, Add Cert). This is delivered to the user automatically during enrollment.
Another way to make profiles and manually push is with the Apple Configurator.
You can also use a tool like Jamf for MACs to make and push profiles.
Hope this helps ..
"Satisfaction does not come from knowing the solution, it comes from knowing why." - Rosalind Franklin
"I'm in a serious relationship with my Wi-Fi. You could say we have a connection."
"Im like bacon, I make your wireless better"
I spoke to my apple se about this very subject. The apple key chain that holds the certs isn't used for wifi. In fact apple requires a user to validate cert the first time, trusted CA or not. The cert, once trusted, is stored in the wireless profile. Blow away the profile, you blow away that WLAN cert and you have to trust it again.
Only way around the pop up, push a WLAN profile to the device with the cert ..
Sent from Cisco Technical Support iPad App
You can look at the trusted ca for the device
Get a certificate from one of the vendors who's apple has the root ca in the trust list and install that on your ACS for 802.1x or if for guest WebAuth install it in the WLC.
Sent from Cisco Technical Support iPhone App
Is it happening with all client or only with Apple devices ??
Also chekc this: Configure your clients to not check the trust path of your RADIUS server's certificate (i.e., uncheck the box that says "validate server certificates").