Wireless 802.1x Machine Mobile Config File and Preinstalled Machine Certificate?

Are you creating the cert using like SCEP or how is the cert getting to the machine?

I have ours setup so that we use the SCEP payload to create a cert and then in the Network payload, add the Wi-Fi info and point to the SCEP payload.

If you're using just one cert and not creating individually, you can also upload that cert into the Network payload.

We're not using SCEP unfortunately, I have another mobileconfig which is being delievered to the MAC's when built, this has the ROOT CA, the Issuing Certs which are used to request a Machine cert via the Certificate server and places all 5 items in the keychain.

Ok, sounds like you are using the same cert then. You should be able to upload the cert you want selected in the Certificate payload and then in Network payload the drop down box should have that cert for you to select for that Wi-Fi profile.

That make sense but how would you go about doing that for a mass deployment as the machine certs are obviously in the keychain don't want to have to export the cert and build it into the Wireless 802.1X mobileconfig?

I am looking to do something similar. We deployed mobileconfigs that request an AD cert and use it for two of our network SSIDs. Now we are being asked to use the cert for wired 802.1x and another wifi SSID, and I don't know how to deploy an additional mobileconfig that will utilize those existing certs.

What about using the AD Certificate payload to create a cert and then in the Network payload pointing to that cert? You have to have all the payloads in the same config profile though.

I know this would work as I can trust the Network Payload with the AD Machine certificate and is the option i've gone with for the moment, just seeing if there's a way to deploy the machine cert ahead of time which can be utilised from the keychain for other things Network being one, doesn't seem like the OS is capable of that action.