Posted on 01-28-2016 08:28 AM
Hi,
So my problem is, I'm configuring the Wireless 802.1X mobileconfig profile via EAP-TLS. My issue is that I'm trying to utilise the machine certificate already located in the keychain from building the Mac and joining it to AD. Other than the mobileconfig going out and requesting a new machine cert, is there any way I can utilise the cert already in the Keychain?
Let me know if you need more info.
Thanks,
Sachin
Posted on 01-28-2016 09:04 AM
Are you creating the cert using something like SCEP, or how is the cert getting to the machine?
I have ours setup so that we use the SCEP payload to create a cert and then in the Network payload, add the Wi-Fi info and point to the SCEP payload.
If you're using just one cert and not creating individually, you can also upload that cert into the Network payload.
Posted on 01-28-2016 09:17 AM
We're not using SCEP unfortunately. I have another mobileconfig which is being delivered to the Macs when built; this has the Root CA and the Issuing Certs, which are used to request a Machine cert via the Certificate server, and places all 5 items in the keychain.
Posted on 01-28-2016 10:36 AM
Ok, sounds like you are using the same cert then. You should be able to upload the cert you want selected in the Certificate payload and then in Network payload the drop down box should have that cert for you to select for that Wi-Fi profile.
Posted on 01-28-2016 11:31 AM
That makes sense, but how would you go about doing that for a mass deployment? As the machine certs are obviously in the keychain, I don't want to have to export the cert and build it into the Wireless 802.1X mobileconfig.
Posted on 01-28-2016 11:39 AM
I am looking to do something similar. We deployed mobileconfigs that request an AD cert and use it for two of our network SSIDs. Now we are being asked to use the cert for wired 802.1x and another wifi SSID, and I don't know how to deploy an additional mobileconfig that will utilize those existing certs.
Posted on 01-28-2016 02:02 PM
What about using the AD Certificate payload to create a cert and then in the Network payload pointing to that cert? You have to have all the payloads in the same config profile though.
Posted on 01-29-2016 04:55 PM
I know this would work, as I can trust the Network payload with the AD Machine certificate, and it is the option I've gone with for the moment. I was just seeing if there's a way to deploy the machine cert ahead of time which can be utilised from the keychain for other things, Network being one; it doesn't seem like the OS is capable of that action.