Using Casper PKI for EAP-TLS wireless authentication via FreeRadius?

fsjjeff
Contributor II

We're starting to look at authenticating our computers (and iOS devices) via EAP-TLS, which seems to require some kind of machine certificate. Anything I search for seems to be pointing to using an MS AD certificate server, but we're hoping to use the built-in PKI server in Casper.

Our 802.1x authentication server will be FreeRadius.

Has anyone looked at this and can point me in the right direction?

Jeff

5 REPLIES

mbracco
Contributor

Hi,
Can one use the internal PKI CA of the JSS server and the generated computer certificates in an 802.1x scenario? The MDM computer certificate should open the port on the switch (Ethernet).
Is that possible, and does someone have more info on how to set that up?
JSS 9.7.2, Cisco Switches, 389 Directory Server

kswiedikon
New Contributor

We would like to go in the same direction. Why set up another PKI if Casper already has one?
Did you find any answers to your question yet?

franton
Valued Contributor III

Casper's PKI is not readily accessible in the way you need for this to work. You're better off running an MS CA server in an AD environment.

user-PKrfSUyqXx
New Contributor

Is this still the case 5 years later? It seems odd that there is a built-in PKI that issues an identity certificate that you cannot utilize.

franton
Valued Contributor III

Jamf's internal CA is meant for device trust to Jamf only. It's not meant for individual users. That's why you need something like an AD CA or something that can utilise an IdP for the same purpose.