Posted on 12-22-2020 08:47 PM
Our org is currently rolling out PKI certificates for VPN; we already have existing network certificates configured and deployed for users to connect to corp Wi-Fi.
As of now we are using two separate config profiles, one for Wi-Fi and one for VPN, both slightly different in configuration. The VPN utilizes User Principal Name, whereas the Wi-Fi certificates are not configured that way.
What I am noticing is that on some devices, depending on when the config profiles deploy (first example), if VPN gets deployed first THEN Wi-Fi, AnyConnect throws up an error: "your certificate is invalid for the selected group". However, if I remove the certificate/config profile and redeploy the VPN config profile with certs, it prompts the user for their PKI password. Now, I don't know if corp Wi-Fi still works in either of these scenarios as of now, but is there something to reconsider on setting up our network profiles?
Single profile? Or should there be separate profiles, and if so, should they match (example: both should use User Principal Name), etc.?