Posted on 05-28-2015 11:19 AM
We're starting to look at authenticating our computers (and iOS devices) via EAP-TLS, which seems to require some kind of machine certificate. Anything I search for seems to be pointing to using an MS AD certificate server, but we're hoping to use the built-in PKI server in Casper.
Our 802.1x authentication server will be FreeRADIUS.
Has anyone looked at this and can point me in the right direction?
Jeff
Posted on 07-08-2015 09:13 AM
Hi,
Can one use the internal PKI CA of the JSS server and the generated computer certificates in an 802.1x scenario? The MDM computer certificate should open the port on the switch (Ethernet).
Is that possible, and does someone have more info on how to set that up?
JSS 9.7.2, Cisco Switches, 389 Directory Server
Posted on 08-24-2016 03:51 PM
We would like to go in the same direction. Why set up another PKI if Casper already has one?
Did you find any answers to your question yet?
Posted on 08-25-2016 04:31 AM
Casper's PKI is not readily accessible in the way you need for this to work. You're better off running an MS CA server in an AD environment.
Posted on 01-11-2021 07:00 AM
Is this still the case 5 years later? It seems odd that there is a built-in PKI that issues an identity certificate that you cannot utilize.
Posted on 01-11-2021 08:36 AM
Jamf's internal CA is meant for device trust to Jamf only. It's not meant for individual users. That's why you need something like an AD CA or something that can utilise an IdP for the same purpose.