802.1x HM Server Not Verified

  • 1
  • Question
  • Updated 4 years ago
  • Answered
I have just made one of our SSID's use a 802.1x sign on feature. I have made sure that all of my system admin passwords and my shared secret password are correct. It looks like it takes my information and it the says my username and password for this particular SSID is incorrect, which is not true. What settings do I have to change in order for this to work.

Photo of James


  • 9 Posts
  • 0 Reply Likes
  • Annoyed

Posted 4 years ago

  • 1
Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
2 things:
the cert called HM server is most likely signed by a root ca that the device does not trust, thus the cert is not verified as being signed by a trusted source. You would need to load the root ca public cert that signed the server identity cert which should represent the radius server and any intermediate ca certs as well.

assuming you are using PEAP - you can get a commercial cert for your radius server signed by ca trusted by ios devices.


You could get a wildcard cert, but I hear windows devices interpret the * as an actual character

However, if you are using a self issued server identity cert you will need to provide your devices your internal CA public cert to their trusted root authorities.

this can be added to the key chains prior to imaging or adding the root ca public key to Apple Configurator profiles.

Windows is a bit more complicated

2nd thing based on your other post


depending on your ldap
make sure the account used to do ldap queries is in the correct format
you will need to match you what your ldap server expects to see
for example

Did you ever resolve your other issue?


Just curious