Deploy EAP-TLS WPA2E SSID with user certs

Chris83
New Contributor

Hi together,

Firstly, I would like to say that I am new to the community and hope to find some help here. Also, sorry if the form of creating questions is not correct.

We would like to pre-publish a network SSID via plist or script, if possible, which does EAP-TLS auth with a user-based certificate (because the Mac is not AD bound). We can assume the certificate is already stored within the keychain.

I already created the following bash script:

#!/bin/bash

networksetup -addpreferredwirelessnetworkatindex en0 NETWORKNAME 1 WPA2E
security set-identity-preference -c "USER NAME" -s "NETWORKNAME"

This already pre-populates the network SSID, but the user still has to select EAP-TLS and the correct certificate.

To make clear what I want to do, I attach pictures of manually connecting to the network:


Thanks for the help

5 REPLIES

Tigerhaven
Contributor

Hi Chris, how did you get the user cert on a non-AD machine using Jamf? Should you not have Active Directory authentication issues?

Kunal V

sislam
New Contributor

@Tigerhaven no, there are PKI solutions that can generate the certificates without joining the Mac to the domain via self-enrollment (like Symantec Managed PKI).

Chris83
New Contributor

Yes, @sislam is right, there are PKI solutions facing this. Does anyone have an idea how this could be handled?

Tigerhaven
Contributor

@sislam and @chris83, for Microsoft-based certs, any suggestions that work well with Jamf?

Kunal V

Chris83
New Contributor

The local machine does not have any Microsoft-based certs to work with; that is one of the features of using PKI.

Basically this is just setting an identity for a configured SSID based on a certificate in the keychain. Maybe I am on the wrong track, but according to this page: https://discussions.apple.com/thread/4922201?tstart=0 it should help.
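
Added example, not code from the thread or from Jamf: a fail-closed variant of the script in the question that selects the keychain identity by exact common name and pins it by SHA-1 hash, refusing to continue when zero or several valid EAP identities match. The preference name built by `eap_pref_name` is an assumption about how macOS keys 802.1X identity preferences, and `eap_pref_name` and `pick_identity` are hypothetical helper names.

```shell
#!/bin/bash
# Added example: pin exactly one keychain identity to a WPA2 Enterprise SSID.
# ASSUMPTION (not from the thread): macOS looks up the EAP-TLS identity
# preference under the service name built by eap_pref_name.

eap_pref_name() {   # $1 = SSID
  printf 'com.apple.network.eap.user.identity.wlan.ssid.%s\n' "$1"
}

# Reads `security find-identity -v -p eap` output on stdin and prints the
# SHA-1 hash of the identity whose common name is exactly $1.
# Returns 1 if no identity matches, 2 if more than one distinct identity does.
pick_identity() {
  _hashes=$(awk -v cn="$1" '
    match($0, /"[^"]*"/) && length($2) == 40 && $2 ~ /^[0-9A-F]+$/ {
      # Compare the quoted name exactly, so "Jane Doe (old)" never matches.
      if (substr($0, RSTART + 1, RLENGTH - 2) == cn) print $2
    }' | sort -u)
  [ -n "$_hashes" ] || return 1
  _count=$(printf '%s\n' "$_hashes" | wc -l | tr -d ' ')
  [ "$_count" -eq 1 ] || return 2
  printf '%s\n' "$_hashes"
}

# Usage: script.sh NETWORKNAME "USER NAME"   (runs only when both are given)
if [ "$#" -eq 2 ]; then
  ssid="$1"; cn="$2"
  # -v lists only valid identities; -p eap evaluates them against the EAP policy.
  hash=$(security find-identity -v -p eap | pick_identity "$cn") || {
    echo "expected exactly one valid EAP identity named '$cn'" >&2
    exit 1
  }
  # Same networksetup call as in the question (en0 and index 1 kept as posted).
  networksetup -addpreferredwirelessnetworkatindex en0 "$ssid" 1 WPA2E
  # -Z pins the preference to one certificate instead of a name lookup.
  security set-identity-preference -Z "$hash" -s "$(eap_pref_name "$ssid")"
fi
```
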