Help

Wireless 802.1x Machine Mobile Config File and Preinstalled Machine Certificate?

Sachin_Parmar
Contributor

Posted on ‎01-28-2016 08:28 AM

Hi,

So my problem is, i'm configuring the Wireless 802.1X mobile config profile via EAP-TLS my issue is i'm trying to utilise the machine certificate already located in the keychain from building the mac and joining it to AD, other than the mobileconfig going out and requesting a new machine cert is there anyway I can utilise the cert already in the Keychain?

Let me know if you need more info.

Thanks,

Sachin

0 Kudos
7 REPLIES 7

jbkiggins
New Contributor

Posted on ‎01-28-2016 09:04 AM

Are you creating the cert using like SCEP or how is the cert getting to the machine?

I have ours setup so that we use the SCEP payload to create a cert and then in the Network payload, add the Wi-Fi info and point to the SCEP payload.

If you're using just one cert and not creating individually, you can also upload that cert into the Network payload.

0 Kudos

Sachin_Parmar
Contributor

Posted on ‎01-28-2016 09:17 AM

We're not using SCEP unfortunately, I have another mobileconfig which is being delievered to the MAC's when built, this has the ROOT CA, the Issuing Certs which are used to request a Machine cert via the Certificate server and places all 5 items in the keychain.

0 Kudos

jbkiggins
New Contributor

Posted on ‎01-28-2016 10:36 AM

Ok, sounds like you are using the same cert then. You should be able to upload the cert you want selected in the Certificate payload and then in Network payload the drop down box should have that cert for you to select for that Wi-Fi profile.

0 Kudos

Sachin_Parmar
Contributor

Posted on ‎01-28-2016 11:31 AM

That make sense but how would you go about doing that for a mass deployment as the machine certs are obviously in the keychain don't want to have to export the cert and build it into the Wireless 802.1X mobileconfig?

0 Kudos

alexjdale
Valued Contributor III

Posted on ‎01-28-2016 11:39 AM

I am looking to do something similar. We deployed mobileconfigs that request an AD cert and use it for two of our network SSIDs. Now we are being asked to use the cert for wired 802.1x and another wifi SSID, and I don't know how to deploy an additional mobileconfig that will utilize those existing certs.

0 Kudos

jbkiggins
New Contributor

Posted on ‎01-28-2016 02:02 PM

What about using the AD Certificate payload to create a cert and then in the Network payload pointing to that cert? You have to have all the payloads in the same config profile though.

0 Kudos

Sachin_Parmar
Contributor

Posted on ‎01-29-2016 04:55 PM

I know this would work as I can trust the Network Payload with the AD Machine certificate and is the option i've gone with for the moment, just seeing if there's a way to deploy the machine cert ahead of time which can be utilised from the keychain for other things Network being one, doesn't seem like the OS is capable of that action.