How to configure EAP-TLS OTA

Question

Level 1

0 points

How to configure EAP-TLS OTA

Hello, I am trying to configure wi-fi setting OTA on iPhone/iPad. The certificate enrolment goes thru fine and the device signs the final request with newly acquired certificate. I am stuck in the last phase i.e. pushing the final mobileconfig containing EAP-TLS setting. It seems the configuration is accepted even though it is not signed or encrypted. Also, the configuration includes the root CA certificate which issued the device certificate as well as identity certificate (which is the newly issued certificate) for EAP-TLS setting . The device complains about not able to connect using the pushed profile. Is it okay to send root CA certificate in the mobileconfig and will it be trusted? Also, what is the encoding format for the certificate?

Thanks for any help.

iPad 2, iOS 4.1

Posted on Sep 22, 2011 10:42 PM

Reply

Answer 1

dmagniez

Level 1

0 points

Oct 14, 2011 2:58 AM in response to Indigo17

Here is how it's work for me :

server radius configured to EAP with certificate authentication (not PEAP or anything else)

send USER certificate by email (run certmgr.msc > personal certificate > the one with your name > export with private key)

retrieve it on your iphone, click on it and install it on iphone

in the wifi connection tab, enter your username, and choose in 'mode" : EAP-TLS

in identity choose your user certificate.

It will connect and ask you to trust the authentication server certificate

putting root CA doesn't trust the authentication server for me in later IOS version (after 4.1)

Reply