Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Apple ios7 asking to accept wireless certificate multiple times a day

Hi,

After the users upgrade their iphone to ios7, it is asking to accept certificate multiple times a day. For some ios7 users, it ask about 10 times a day to accept certificate to join the wireless network. The user is frustrated about the process to use the wifi network. However, it does not do that in ios6.

The envirnment:

Cisco 5508 - 7.4.100.60

WPA2 Enterprise - Mircosoft IAS

I search the web, didn't find anything related to the issue.

Want to check the forum and see anyone have the same issue

32 REPLIES
Hall of Fame Super Silver

Re: Apple ios7 asking to accept wireless certificate multiple ti

I run iOS 7 and never had issues. Maybe try to erase the network settings from the iPad or iPhone and then create the profile again. When you erase the network settings globally, the user will have to enter their home SSID's and any other manually again.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Apple ios7 asking to accept wireless certificate multiple times

Hello,

I do have the same issues on my side. Customers tried to remove the wireless SSID and rebuild it but no success. Scott, you're proposing to wipe completely the network configs ?

Dave

New Member

Apple ios7 asking to accept wireless certificate multiple times

Hello again,

Reset all my network settings on Iphone, rebuild my wireless connection. Waiting... I'll keep you posted if it works.

Dave

Hall of Fame Super Silver

Re: Apple ios7 asking to accept wireless certificate multiple ti

Nope... Forget the network on the Apple device and manually create it again. Or like what you did, reset the network on the apple device. These work for me since I beta test code and my iPad and iPhone freaks out.

Sent from Cisco Technical Support iPhone App

-Scott
*** Please rate helpful posts ***
New Member

Re: Apple ios7 asking to accept wireless certificate multiple ti

Hi,

I update the WLC to version 7.4.110.0 fix the issue.

Thanks for everyone's input.

Pak

New Member

Apple ios7 asking to accept wireless certificate multiple times

Hello Pak,

You tried it blindly or found something in cavehats ?

Dave

New Member

Re: Apple ios7 asking to accept wireless certificate multiple ti

Tried it blindly. The version 7.4.100.60 will cause the appliance reboot itself, Cisco recommended update to 7.4.110.0.

So happen fix the issue as well.

Hall of Fame Super Gold

Apple ios7 asking to accept wireless certificate multiple times

Just tried it now and I don't see this form of behaviour.

New Member

Re: Apple ios7 asking to accept wireless certificate multiple ti

All,

  I have upgraded 5508 to the 7.6.100.0 code (to accept my new 3702 APs) and even with the iOS ver 7.0.6 on the iphone 5s I am still seeing this bug - getting multiple "accept certificate" prompts during the day.  They are random also - sometimes I can go a couple days without the pop up - sometimes several times a day.  I want to revive this forum topic.  Has anyone found any answers to this phenomenon?

I have opened a TAC case as well, and they cannot figure out what might be causing this...

Hall of Fame Super Silver

Apple ios7 asking to accept wireless certificate multiple times

Need more detail... is this error using WebAuth, PSK, 802.1x?  I have the same setup but have an iPhone 5 and iPad with no issues on Webauth, PSK or 802.1x?

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
New Member

Apple ios7 asking to accept wireless certificate multiple times

I am using WPA2 with 802.1x authentication with RADIUS server.

Hall of Fame Super Silver

Apple ios7 asking to accept wireless certificate multiple times

How many radius servers?  The reason is because you need to have the same certificate on either radius servers or else you will get prompted every time authentication goes to a different radius server.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
New Member

Apple ios7 asking to accept wireless certificate multiple times

Hi all

yes we have same problem here WPA2 with 802.1x authentication and Radius server.

The problem started when users upgraded to ios7.

Had TAC look at it and they advise it is an Apple problem, as we have ios 6 devices that have no problems connecting at all.

Apple just say its our Cisco Router, not that we are using a router!! - wlc 4402 and 30 AP's.

created new Radius server on 2008R2 running NPS, but same problems.

We were hoping latest ios release for Apple would solve issues but it doesn't appear to have,

oh well..

New Member

I'm having the same issue as

I'm having the same issue as all others here .. checking in to see if someone has come up with a definitive solution yet?

 

New Member

We ended up purchasing a cert

We ended up purchasing a cert to see if it would take care of the issue and it did.  However, the users still have to trust the cert once (versus accepting it every time they connect).  I spoke with Digicert about this and they said that with iOS and RADIUS authentication you always have to trust the cert at least once.  There's no such thing as a cert that will automatically be trusted for RADIUS authentication.  This is different than regular SSL encryption.  Now that we have trusted the cert my iPhone always connects to the wireless network with no issues and stays connected.  Hopefully this helps.

New Member

Interesting! I was

Interesting! I was considering doing the same thing! Out of curiousity.. what type of digicert did your purchase? wildcard?

Thanks for the reply

New Member

no, they recommended their UC

no, they recommended their UC cert.  We did add in several alternate names so we could use the cert on multiple RADIUS servers.  When you need to deploy to another RADIUS server you just ask Digicert to send another certificate with the proper name.  There's no cost for additional copies of the cert with different names as long as those names were listed as alternate names to begin with.  I only have one RADIUS server at this site, so I'm not sure how it would work if you have multiple RADIUS servers.  I'm not sure if you would just need to trust each server once and then be good or if the phone would get confused jumping between the servers.

New Member

Thank you - after you switch

Thank you - after you switch to the new cert in RADIUS do you have to restart your NPS service?

New Member

I'm fairly certain you do.  I

I'm fairly certain you do.  I did just for good measure.

New Member

Re: Apple ios7 asking to accept wireless certificate multiple ti

We are using three RADIUS servers - however only one of those servers are a CA server.  Not sure that that helps at all.  I'm not great at RADIUS to begin with - mainly work with our server guys, and this is what they are telling me about the certificates - there is only one certificate authority on one of the RADIUS servers.

      

Also it may matter - but the CA server and one of the RADIUS server is 2003, the other two are 2012R2 servers running NPS.

Hall of Fame Super Silver

Apple ios7 asking to accept wireless certificate multiple times

The issue is if the WLC has 3 radius configured for 802.1x, the reason can be that each radius server has a different certificate.  You need to look at the certificate store for each radius server or look at the radius policy under PEAP and see what certificate your using.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
New Member

Apple ios7 asking to accept wireless certificate multiple times

Hello all,

    I seem to be experiencing the same issue as you all. Currently we are using a Cisco 5508 using firmware 7.4.110.0, Using PEAP authentication to a RADIUS server. There are two RADIUS servers, one is purely a failover back-up, so users are not querying that server. The certificate that is being identified is the correct certificate from the Primary Radius server however users are being asked to add the certificate multiple times per day. Any insight on this would be helpful, as I have read the thread and nothing seems to be helping.

Thank you in advance

Andy

Hall of Fame Super Silver

Apple ios7 asking to accept wireless certificate multiple times

With the WLC, the secondary radius server can be used if the primary fails to respond.  Make sure that the certificate that is on both radius servers are the same and not different.  Many times I see the cert with the hostname of the radius server... this means the certificate is different.  you need to create a new cert that is default for both and use that for EAP.  The other certificate can be left as that is used to identify the machine.  I ran into the same thing and that was my fix.

Thanks,

Scott

*****Help out other by using the rating system and marking answered questions as "Answered"*****

-Scott
*** Please rate helpful posts ***
New Member

Hi Did you ever find a

Hi

 

Did you ever find a solution for this? I have the same problem, with almost the same setup. The funny thing is I don't see the issue with 1131 AP's, just the 3702's.

New Member

The fix we found is install

The fix we found is install the cert. to the phone. So happen we have MDM software can push the cert. to the ios phone.

New Member

Looks like I'm running into

Looks like I'm running into this at the moment too. Just put out a Flex 7510 running 7.6.120. Customer iphones running 7.1.1. At least once per day, some iphones will ask to accept a cert, others won't. My Android device doesn't have the problem. 

Running a single RADIUS server for auth. 

Is there any more info on this one?

New Member

I have this same setup, I'm

I have this same setup, I'm running 7.6.130. I experience the same issue with Iphones and Ipads only. anyone get the fix for this on the apple side yet?

Hall of Fame Super Silver

If your running multiple

If your running multiple radius servers, makes sure your using a single certificate on all radius servers. If not, then these Apple devices will prompt to accept the cert, because the FQDN of the cert is different. 

-Scott

-Scott
*** Please rate helpful posts ***
New Member

I feel like there's something

I feel like there's something else at play here and I can't figure it out! Androids never are re-prompted, iOS devices are...

Here's what I'm running:

WLC-8.0.120.0

2 Radius servers 2012r2 standard (Latest security patches - last week)

1 wildcard certificate (Works fine for both servers as both are same domain)

Radios allowed: all

WPA+WPA2

WPA2 Policy-AES

802.1x

cckm

Multiple prompts a day... (any iOS 8.x)  what other variables are there to look into?

11869
Views
0
Helpful
32
Replies
CreatePlease to create content