
OSX WPA2 Enterprise woes

Posted September 11th, 2009 in iphone by Michael

I use one WLAN very frequently that uses WPA2 Enterprise for authentication; this also means that the certificate used for authorization has to be renewed every year. Getting the new certificate is not really that much of an issue, but renewing it was really hard this time….

In OSX 10.5 the certificate has to be imported into Keychain Access, which worked as expected. But for some reason the certificate was not used for authentication; the dialog for WPA2 Enterprise networks always defaulted back to the 1Password certificate. The first in the list. Which obviously failed.
It took me a while to figure out where exactly the certificate has to be chosen in the Network Preferences pane – in a dialog that is very well hidden:

The iPhone was even worse – importing the certificate (and creating a new profile with it) was not a big deal. But again, only the first, old, expired certificate was used. Nothing easier than that, just remove the profile. Interestingly the certificate was still there in the “add WLAN” dialog. Removed the newly imported certificate – the old one is still there. Reset network settings – the certificate is still there. WTF?!?!
What finally worked was installing the old, expired certificate and then removing it again, without installing the new one. This removed the profile *and* the certificate from the phone. Then installing and using the new certificate was simple and worked as usual.
My guess is that the two profiles/certificates with the same name somehow confused the iPhone – so the process is to remove the old certificate before adding the new one.

While I hope this blog post helps others when they have to exchange their WPA2 Enterprise Certificate, it will definitely help me next year on August 28th when I have to renew mine again :)
