802.1X and cert profiles

David_H
New Contributor II

We are currently using a single profile to push a User cert and the 802.1X wireless connection to Macs in our environment. I am trying to break this profile out to two profiles so that the cert is pushed in one profile and the wireless config is pushed in another. The reason being is the Macs are not renewing the cert from our AD CA correctly sometimes. So we sometimes need to re-push the cert but have issues where the profile fails and they lose the wireless config.

The problem I am having is linking the cert on the first profile to the wireless config on the second profile. I can select the cert if I click on WiFi connection manually a few times but that is not good for rolling out to a thousand or so users. Any know how to link the cert to the WiFi config either by script or some other setting?

Thanks,

David

4 REPLIES 4

bjharper
New Contributor II

Not sure if this helps, but I have my issuing and root CA certs loaded into the same config along with wireless network payload(s). Been wrestling with 802.1x on Ethernet- there's a known product defect around that, so definitely hit up Jamf support if/when you are loading .1x config profiles for Ethernet connections.

MacSysAdmin
Contributor

What's the user cert naming convention?

You could potentially smart group all computers with a certificate then use that as group as your WiFi profile target.

David_H
New Contributor II

@BostonMac the naming convention for the user cert is the AD CN of the user. Each user is has their own certificate that is used for the authentication onto the wireless.

I looked in the second profile but I don't see were to tell the WiFi profile which cert to use unless its the cert is pushed in the same profile.

davidacland
Honored Contributor II
Honored Contributor II

I haven't tried this but I would probably download the profile and see if the value could be set in the XML and re-uploaded.