2 Replies Latest reply: May 7, 2013 11:05 AM by rccharles
jeffreykusters Level 1 Level 1 (0 points)

Hi there,

 

I am asked to deploy iPads on an 802.1x EAP-TLS WiFi network. The customer has a Windows Server 2003 IAS server providing RADIUS. There also is a Windows based CA infrastructure in place. This solution is in production and is already being used by other wireless devices. Could someone please highlight the configuration steps for the iPad deployment? The customer whishes to automate the initial deployment and the renewal of the certificates. I have a basic understanding of 802.1x, RADIUS, Certificates etc. in a Windows infrastructure but I am new to enterprise deployment of iPads. There is no MDM tool in place by the way...

 

I did find a Microsoft article which I think describes what needs to be done: http://blogs.technet.com/b/pki/archive/2012/02/27/ndes-and-ipads.aspx. This article basically states the following steps:

 

1. Create a placeholder computer account in Active Directory Domain Services (AD DS)

2. Configure a Service Principal Name (SPN) for the new computer object.

3. Enroll a computer certificate passing the FQDN of the placeholder computer object as a Subject Name, using Web Enrollment Pages or Certificates MMC snap-in directly from the computer (Skip step 4 if you are using the Certificates MMC snap-in)

4. Export the certificate created for the non-domain joined machine and install it.

5. Associate the newly created certificate to the placeholder AD DS domain computer account manually created through Name Mappings

 

The article then elaborates on specific steps needed for the iPad because it treats all certificates as user certificates. Can someone confirm this behavior??

 

Regards,

 

Jeffrey