Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >
article

KB-9497: Apple Certificate Validation behavior change in OS X 10.12.4 (Apple bug #32222654)

Centrify Identity Service, Mac Edition ,  

4 December,17 at 07:57 AM

Applies to: Centrify DirectControl Mac agent version 5.3.1 or above
 
Problem:

802.1x Wi-Fi network (using Machine certificate to authenticate) does not connect automatically anymore, instead it requires to manually select the certificate that validates the connection.

User-added image

The auto-connect was working just fine in the OS version 10.12.3 and below, but after upgrading to OS verison 10.12.4 - 10.12.6 seems to break the automatic authentication.
 
Answer:
The issue is due to the behavior change introduced by Apple in OS version 10.12.4 as follow:

https://support.apple.com/en-us/HT207797

802.1X
Available for: macOS Sierra 10.12.4

Impact: A malicious network with 802.1X authentication may be able to capture user network credentials

Description: A certificate validation issue existed in EAP-TLS when a certificate changed. This issue was addressed through improved certificate validation.

Resolution:
Apple has fixed the problem in OS version 10.13. Therefore, please consider to perform an upgrade on the OS along with Centrify agent 5.4.2 or above.

Still have questions? Click here to log a technical support case, or collaborate with your peers in Centrify's Online Community.