How to install and trust an 802.1X RADIUS certificate on the iOS device programmatically

Hi,

In our project we have a device which will provide a secure access point (Wi-Fi and Ethernet), and it is using an 802.1X RADIUS server authentication system. In order for the iOS devices to be network trusted in 802.1X, the root and intermediate CAs must be installed on the iOS device.

How can this be done programmatically in Swift, without sharing a link to the trusted certificate with the user and asking the user to manually trust it from Certificate Trust Settings?

Can I add the certificate to the list of trusted anchors using SecTrustSetAnchorCertificates(_:_:)?

Replies

Are you in a managed environment?

Most folks in this situation are working in a managed environment, and thus they install the Wi-Fi configuration and its associated credentials using MDM.

Oh, or by this:

In our project we have a device

do you mean a Wi-Fi based accessory?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

  • @eskimo

    Most folks in this situation are working in a managed environment, and thus they install the Wi-Fi configuration and its associated credentials using MDM. -> We are not working in a managed environment.

    do you mean a Wi-Fi based accessory? -> Yes, this is a portable accessory which will provide a secure network (through Wi-Fi and Ethernet).

@eskimo In the developer documentation, setTrustedServerCertificates(_:) is mentioned:

Sets trusted EAP server certificates for an enterprise Wi-Fi or Hotspot 2.0 network. Can I make use of this function for my scenario? The app I am working on is for common users and not for any restricted group.

The accessory which I am working on will provide a Wi-Fi access point which any iOS device with the RADIUS certificate installed should be able to join without any authentication.

So through my iOS app I need to install and trust this certificate.

Once joined to the Wi-Fi, even if the app is killed, the device should still be connected to the SSID.

this is a portable accessory

OK.

On iOS you can add Wi-Fi configurations using NEHotspotConfigurationManager. That API supports various security options, including EAP (via NEHotspotEAPSettings). The EAP support does let you override the server trust evaluation done by the client device using the setTrustedServerCertificates(_:) method that you mentioned.

That can be tricky to get working but, based on this thread, I believe it should work on current systems.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
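
The approach described in the reply above, as an added example that is not part of the original thread and is not Apple's sample code. It assumes the app has the Hotspot Configuration entitlement, that the accessory uses EAP-PEAP with a username and password, and that the RADIUS root CA is bundled with the app in DER form; the function name, error enum and parameters are hypothetical.

```swift
import Foundation
import NetworkExtension
import Security

// Hypothetical error type for this example.
enum AccessoryWiFiError: Error { case badCertificate, keychain(OSStatus), trustRejected }

/// Hypothetical helper: configures the accessory's 802.1X SSID so that only a
/// RADIUS server chaining to the bundled CA, with the expected name, is trusted.
func joinAccessoryNetwork(ssid: String, caDER: Data, serverName: String,
                          username: String, password: String,
                          completion: @escaping (Error?) -> Void) {
    // Parse the DER-encoded CA certificate shipped with the app.
    guard let ca = SecCertificateCreateWithData(nil, caDER as CFData) else {
        return completion(AccessoryWiFiError.badCertificate)
    }
    // setTrustedServerCertificates(_:) returns false when it cannot find the
    // certificate in the app's keychain, so add it first. A duplicate left by
    // an earlier run is not an error.
    let add: [String: Any] = [kSecClass as String: kSecClassCertificate,
                              kSecValueRef as String: ca]
    let status = SecItemAdd(add as CFDictionary, nil)
    guard status == errSecSuccess || status == errSecDuplicateItem else {
        return completion(AccessoryWiFiError.keychain(status))
    }

    let eap = NEHotspotEAPSettings()
    eap.supportedEAPTypes = [NSNumber(value: NEHotspotEAPSettings.EAPType.EAPPEAP.rawValue)]
    eap.username = username                 // assumption: PEAP credentials
    eap.password = password
    eap.trustedServerNames = [serverName]   // pin the server name as well as the CA
    guard eap.setTrustedServerCertificates([ca]) else {
        return completion(AccessoryWiFiError.trustRejected)
    }

    let config = NEHotspotConfiguration(ssid: ssid, eapSettings: eap)
    config.joinOnce = false                 // keep the configuration after the app exits
    NEHotspotConfigurationManager.shared.apply(config) { error in
        // Being already associated with the SSID is treated as success.
        if let e = error as NSError?, e.domain == NEHotspotConfigurationErrorDomain,
           e.code == NEHotspotConfigurationError.alreadyAssociated.rawValue {
            return completion(nil)
        }
        completion(error)
    }
}
```

Restricting trust to one CA and one server name means the client rejects any other access point that advertises the same SSID but presents a different server certificate.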