Hi,
Big Sur MacOS machines cannot connect to our corporate wifi and 802.1X.
We have computer payload certificate installed on the profile.
Everything work nicely on Catalina.
Question
WPA2 Enterprise, EAP-TLS and 802.1x Computer certificate Big Sur
+4This worked for us as well:
- Adding all required certificates in the chain to the Wi-Fi configuration profile.
- Selecting each checkbox of the certificates in the Trust Tab of the Network Payload.
Some notes:
- Jamf AD CS Connector was already setup.
- Using TLS.
- The identity certificate was already selected from the the Identity Certificate pop-up menu.
+12Is it best to create a new Wifi profile when a certificate expires or just update the payload in the current Config Profile? I have a cert expiring very soon and would like to know best practices. Affecting macOS and iOS configuration profiles. Thanks!
+15Jamf did a kba on this, hopefully following these steps helps.
https://docs.jamf.com/technical-papers/jamf-pro/8021x/10.0.0/802.1X_Fails_on_macOS_11_Big_Sur.html
+1I just discovered something new in the configuration profile that I had not seen before. There are check boxes for trusted certificates that were unchecked. Unclear whether this is a new JAMF Pro thing (10.29) or ?? If they were unchecked previously, why did they work in Catalina and not Big Sur. I am checking the boxes and redeploying to see iff it makes a difference. I will have to log into every Mac though as it will not get the new profile if not connected while logged out.
How do you make those check boxes appear? I only see {No applicable Certificate payload is configured] even though I have the AD Certificate filled out as part of this same Configuration Profile.
+12How do you make those check boxes appear? I only see {No applicable Certificate payload is configured] even though I have the AD Certificate filled out as part of this same Configuration Profile.
You can't trust that AD certificate as that cert is the devices cert.
Trustable certs (i.e. those check boxes) appear after you've uploaded a cert manually into the Config Profile Certificates Payload. e.g. The certificate chain is what you'd normally see here, for example, when the cert is signed by a third party or even internal CA that's not natively trusted.
+1You can't trust that AD certificate as that cert is the devices cert.
Trustable certs (i.e. those check boxes) appear after you've uploaded a cert manually into the Config Profile Certificates Payload. e.g. The certificate chain is what you'd normally see here, for example, when the cert is signed by a third party or even internal CA that's not natively trusted.
I exported the Root certificate from my windows server certificate authority server. Exported the private key and included all certificates int he certification path as well. Then in my configuration profile I added a certificate payload and added this certificate. I still do not see any of the check boxes under Trusted Certificates as shown. Not sure what I am missing....there isn't exactly a manual written for this stuff. 🙂
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.