Open Radar

 
Area:
Network Extensions Framework

Summary:

Networks configured with a NEHotspotConfiguration will work but sometimes the OS will prompt to accept a certificate, which doesn't work as expected.

Steps to Reproduce:

1. Install our app which configures a network with SSID and EAP settings. This includes an intermediate cert for the WiFi authentication server, which is generated by a trusted root CA (DigiCert).
2. The app will apply the configuration and the OS will connect to the configured network most of the time.
3. When near an access point (?) the OS will show an alert (screenshot attached) and offer to accept the certificate, view details or cancel.
4. Tap View Certificate Details
5. Observe that Settings > WiFi is opened, but no certificate details are shown and joining the network has failed. (Screenshot attached)

Expected Results:

I wouldn't expect this alert to be shown if the same NEHotspotConfiguration has been used by the OS to successfully authenticate with a network. Presumably the included certificate is correctly trusted and matches what is on the server if this is the case. Perhaps something on the network side is causing this, though. Can you recommend any suggestions for things to investigate to see if that's the case?

Second, when this alert is shown, choosing View Certificate Details should show the certificate details. I would expect that this would look like the certificate or profile trust UI used in other situations. If for some reason the details can no longer be shown, a message that explains that might align better with the user's expectations.

Actual Results:

Certificate is prompted to be trusted or inspected. Attempting to view certificate details fails to present them to the user.

Version/Build:

11.2.6 (15D100)

Configuration:

iPhone 8