Jamf Pro/SecureW2/SCEP

DaneAbernathy
New Contributor III

Has anyone successfully used the SecureW2 SCEP setup with Jamf on macOS AND iOS?

I am having an issue with our iOS devices not connecting to the network. They get the profile payload that includes the cert, Wi-Fi profile, and SCEP settings (the same settings as on the macOS devices) and the iOS device starts to connect but never fully connects and just cycles through the connection process over and over. The macOS devices connect fine a few minutes after they get the cert.

It gets the cert from SecureW2, so that part is working, but it just never actually connects to the network. I followed their, somewhat out-of-date, instructions found here:

Deploy Client Certificates via SCEP to Jamf Managed Devices (securew2.com)

 

Anyone else had issues with the setup for iOS devices?

1 ACCEPTED SOLUTION

DaneAbernathy
New Contributor III

Figured out the issue:

In the config profile menu in Jamf pro for macOS there is a drop-down menu to select the cert, that option is missing on the Mobile Device config profile menu, screenshots below. Our network guy added our SecureW2 cert for the Jamf connection into our ISE server and the iPad immediately connected.

Here is the option I am referring to in the Computers config profile menu for Networks:

DaneAbernathy_0-1660219954355.png

 

And here it the mobile device WiFi config menu with the dropdown missing:

DaneAbernathy_1-1660220027342.png

 

The certificate, WiFi settings, and SCEP settings are all in the same profile and setup exactly like our computer profile. This is the only difference I can find and it is included in SecureW2s instructions. 

If you have this problem, upload the cert to your ISE, or equivalent, server so your server makes the trust connection in lieu of the missing setting .

View solution in original post

2 REPLIES 2

DaneAbernathy
New Contributor III

Figured out the issue:

In the config profile menu in Jamf pro for macOS there is a drop-down menu to select the cert, that option is missing on the Mobile Device config profile menu, screenshots below. Our network guy added our SecureW2 cert for the Jamf connection into our ISE server and the iPad immediately connected.

Here is the option I am referring to in the Computers config profile menu for Networks:

DaneAbernathy_0-1660219954355.png

 

And here it the mobile device WiFi config menu with the dropdown missing:

DaneAbernathy_1-1660220027342.png

 

The certificate, WiFi settings, and SCEP settings are all in the same profile and setup exactly like our computer profile. This is the only difference I can find and it is included in SecureW2s instructions. 

If you have this problem, upload the cert to your ISE, or equivalent, server so your server makes the trust connection in lieu of the missing setting .

Hello, we are looking at implementing this too and testing soon with SecureW2, when you setup the external CA with the SCEP Proxy settings and uploaded the Change Signing and CA Certificates, does this affect the Jamf Pro built-in CA?  We use the built-in Jamf Pro CA for enrollment and don't want to change that.  Did this external CA cause you to have to re-enroll all your devices?