Wifi Certs are not trusted in Sierra

engh
New Contributor III

We have been pushing out wifi certificates to a small group of machines using the Guest account. It works as expected (not prompting the user to accept the certs) in El Cap but in Sierra, users are still getting prompted. All of the certificates in the chain are being issued in the same configuration profile.

Normally this wouldn't be an issue but with the Guest account not having a password, they are not allowed to accept the cert.

Did something change in Sierra (or in some recent .x release or security update) that no longer allows certs installed at the System level to be trusted?

We are issuing them through Configuration Profiles.

4 REPLIES

cyberspread_71
New Contributor III

We are having the same issue. Any fix for this?

mlavine
Contributor

You might be seeing this: SHA-1 Certificate Warning

alexjdale
Valued Contributor III

We install our root/chain certs with JSS scripts instead of profiles. Echo the cert to a temp folder then use the "security" command to install them to the system keychain with explicit trust for EAP.

Something happened in I think 10.12.5 that interfered with trust settings for certs installed by config profiles.
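
The approach described in the reply above, as an added example that is not part of the reply or any poster's script: it writes a PEM certificate to a temp folder and uses `security add-trusted-cert` to add it to the system keychain with trust limited to the EAP policy. The `DRY_RUN` switch, the function names and the temp-file naming are assumptions for illustration.

```shell
#!/bin/bash
# Added example. Run as root; DRY_RUN=1 prints the commands instead of running them.
SYSTEM_KEYCHAIN="/Library/Keychains/System.keychain"

# Succeeds only if the text holds exactly one PEM certificate block.
is_single_pem_cert() {
    begins=$(printf '%s\n' "$1" | grep -c '^-----BEGIN CERTIFICATE-----$' || true)
    ends=$(printf '%s\n' "$1" | grep -c '^-----END CERTIFICATE-----$' || true)
    [ "$begins" -eq 1 ] && [ "$ends" -eq 1 ]
}

# Prints the command when DRY_RUN=1, otherwise executes it.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then echo "$*"; else "$@"; fi
}

# trust_cert_for_eap <resultType> <pem-text>
#   resultType: trustRoot for the self-signed root, trustAsRoot for an intermediate.
trust_cert_for_eap() {
    result_type=$1
    pem=$2
    if ! is_single_pem_cert "$pem"; then
        echo "expected exactly one PEM certificate" >&2
        return 1
    fi
    tmpdir=$(mktemp -d "${TMPDIR:-/tmp}/eapcert.XXXXXX") || return 1
    certfile="$tmpdir/cert.pem"
    printf '%s\n' "$pem" > "$certfile"   # "echo the cert to a temp folder"

    status=0
    # -d: admin (system-wide) trust settings; -p eap: trust only for the EAP policy.
    run /usr/bin/security add-trusted-cert -d -r "$result_type" -p eap \
        -k "$SYSTEM_KEYCHAIN" "$certfile" || status=$?
    if [ "$status" -eq 0 ]; then
        # List the admin trust settings so the script log shows the new entry.
        run /usr/bin/security dump-trust-settings -d || status=$?
    fi
    rm -rf "$tmpdir"
    return "$status"
}

# Usage: script.sh <trustRoot|trustAsRoot> <cert.pem>
if [ "$#" -eq 2 ]; then
    trust_cert_for_eap "$1" "$(cat "$2")"
fi
```

Call the function once per certificate in the chain, root first, and run it with `DRY_RUN=1` before deploying to check the exact commands that will be issued.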

engh
New Contributor III

UPDATE:

I was able to get them working but had to also create a wifi payload in the same config profile with the certs being installed for a specific SSID (no credentials specified since we have users authenticate) and then selected certs and trusted them. This, however, only works for ONE SSID. If you create another SSID with those same trusted certs, it de-trusts (or something) them for the first SSID.

-Dan