Why does OS X repeatedly prompt for certificate trust when joining WPA2 Enterprise WiFi

certificatekeychainwifi

WHY does OS X always prompt for certificate trust when connecting to WPA2 Enterprise (EAP-PEAP in my case) networks, even if the certificate is already marked as 'trusted'?

Even weirder.. if I delete the cert from keychain access, then click 'Continue' to the first cert prompt, but the click 'Cancel' on the elevation credentials window.. I am somehow still able to connect to the WiFi network…

WPA2 Enterprise Certificate Trust elevation prompt
Keychain Certificat Trust

Best Answer

  • I had the same issue and my solution was to change the access control on the certificate's private key to not require confirmation. Go to My Certificates, expand your certificate, and open the private key settings. You could probably be more selective and just allow whatever "application" handles WiFi, but in my case it wasn't necessary.

    enter image description here