User profile for user: Indigo17
Indigo17 Author
User level: Level 1
0 points

How to configure EAP-TLS OTA

Hello, I am trying to configure wi-fi setting OTA on iPhone/iPad. The certificate enrolment goes thru fine and the device signs the final request with newly acquired certificate. I am stuck in the last phase i.e. pushing the final mobileconfig containing EAP-TLS setting. It seems the configuration is accepted even though it is not signed or encrypted. Also, the configuration includes the root CA certificate which issued the device certificate as well as identity certificate (which is the newly issued certificate) for EAP-TLS setting . The device complains about not able to connect using the pushed profile. Is it okay to send root CA certificate in the mobileconfig and will it be trusted? Also, what is the encoding format for the certificate?



Thanks for any help.

iPad 2, iOS 4.1

Posted on Sep 22, 2011 10:42 PM

Reply
1 reply
Sort By: 
User profile for user: dmagniez
dmagniez
User level: Level 1
0 points

Oct 14, 2011 2:58 AM in response to Indigo17

Here is how it's work for me :


server radius configured to EAP with certificate authentication (not PEAP or anything else)


send USER certificate by email (run certmgr.msc > personal certificate > the one with your name > export with private key)

retrieve it on your iphone, click on it and install it on iphone

in the wifi connection tab, enter your username, and choose in 'mode" : EAP-TLS

in identity choose your user certificate.

It will connect and ask you to trust the authentication server certificate


putting root CA doesn't trust the authentication server for me in later IOS version (after 4.1)

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

How to configure EAP-TLS OTA

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up