OS X: Intermittent delay while authenticating to TLS, PEAP, or TTLS protected Wi-Fi network

When authenticating to a Wi-Fi network that uses TLS, PEAP, or TTLS for authentication, there may be a delay of up to ten seconds before authentication completes. This can happen if the RADIUS server certificate, or any certificate in the chain that signed the RADIUS server certificate, is configured with extensions for Certificate Revocation List (CRL) and/or Online Certificate Status Protocol (OCSP). This delay may occur when first joining the network or while roaming between access points.

Set SSL as always trusted for the RADIUS server certificate.

  1. Open /Applications/Utilities/Keychain Access.
  2. Locate the RADIUS server certificate in either the login or System keychain (It should have a common name matching the fully qualified domain name of the RADIUS server).
  3. Double-click the RADIUS server certificate.
  4. Click the triangle next to Trust.
  5. Choose "Always Trust" in the pop-up menu next to Secure Sockets Layer (SSL).
  6. Close the window, then enter credentials to authorize the change if prompted.

The following commands can also be used to install a certificate into the System keychain and set the custom trust.

For a root or leaf certificate:

sudo /usr/bin/security add-trusted-cert -d -r trustAsRoot -p basic -p eap -p ssl -k /Library/Keychains/System.keychain <cert file>

For a self-signed certificate:

sudo /usr/bin/security add-trusted-cert -d -p basic -p eap -p ssl -k /Library/Keychains/System.keychain <cert file>

Repeat the above steps for any certificate in the signing chain of the RADIUS server certificate that also has extensions for CRL or OCSP.


Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Risks are inherent in the use of the Internet. Contact the vendor for additional information. Other company and product names may be trademarks of their respective owners.

Last Modified: