Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: whitx
whitx Author
User level: Level 1
0 points

mobileconfig issue with ipad

Hello everyone,


I am facing an issue with the usage of mobileconfig to push profiles into Ipad/Iphone. This has been tested with IOS 8.1(iPad) and 8.3(iPhone).

My profile has been generated manually(writing through apple key references) and then with the IPhone Config Utility, this profile works great with mac os X.x versions, tested on Snow Leopard, Maverick.


This profile is here to setup an EAP-TLS connection, with server authentication, client authentication and CA certificate inside the profile.


My connection is setup properly and I can connect on mac OS X as I said, but on iPad/iPhone after the profile installation, I get a screen to fill infos (login/pw) to connect to the network. As this is an EAP-TLS network I shouldn't have this, and I should have a choice of certificate(as my identity) if there were one thing to choose before the connection.

So now I fill the information for login/pw and it still impossible to click the button 'Connect'.

To have an idea this is how my "configured ssid" via the profile appear on the iPad/iPhone if I try to connected to it:

http://imgur.com/dUOENth

As you guessed 'Rejoindre = Connect'


I have been through multiple threads and cannot find the source of the issue.


My mobileconfig file is signed, my profile is trusted when installed as I ask to trust my newly pushed CA, I also try to install the CA before and then push the profile, same result.


Lastly, the configuration of EAP-TLS with manually installed certificate is working great, only the autoconfig by profile is not. The auto configuration by profile with PEAP is working fine also.


Here is my profile(I removed the content as some of the information are not supposed to be public, TestEAP = CA, svr = server authentication cert and antoine = client authentication cert):

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
  <dict>
  <key>AutoJoin</key>
  <true/>
  <key>EAPClientConfiguration</key>
  <dict>
  <key>AcceptEAPTypes</key>
  <array>
  <integer>13</integer>
  </array>
  <key>EAPFASTProvisionPAC</key>
  <false/>
  <key>EAPFASTProvisionPACAnonymously</key>
  <false/>
  <key>EAPFASTUsePAC</key>
  <false/>
  <key>PayloadCertificateAnchorUUID</key>
  <array>
  <string>41FDAD3B-4024-4ACF-AFB0-AE9462B586E4</string>
  <string>C55E83E1-4C0D-4735-A158-FE05C83065E0</string>
  </array>
  <key>TLSTrustedServerNames</key>
  <array>
  <string>antoine.p12</string>
  <string>svr</string>
  </array>
  </dict>
  <key>EncryptionType</key>
  <string>WPA</string>
  <key>HIDDEN_NETWORK</key>
  <false/>
  <key>PayloadDescription</key>
  <string>Configure les réglages de connectivité sans fil.</string>
  <key>PayloadDisplayName</key>
  <string>Wi-Fi (pf-aa-sec)</string>
  <key>PayloadIdentifier</key>
  <string>antoine2.wifi</string>
  <key>PayloadOrganization</key>
  <string></string>
  <key>PayloadType</key>
  <string>com.apple.wifi.managed</string>
  <key>PayloadUUID</key>
  <string>945A78A2-214F-4E85-B44D-50E8A5077D4E</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
  <key>ProxyType</key>
  <string>None</string>
  <key>SSID_STR</key>
  <string>pf-aa-sec</string>
  </dict>
  <dict>
  <key>PayloadCertificateFileName</key>
  <string>srv.der</string>
  <key>PayloadContent</key>
  <data>
  </data>
  <key>PayloadDescription</key>
  <string>Authentifie l’appareil (certificat ou identité).</string>
  <key>PayloadDisplayName</key>
  <string>svr</string>
  <key>PayloadIdentifier</key>
  <string>antoine2.reference1</string>
  <key>PayloadOrganization</key>
  <string></string>
  <key>PayloadType</key>
  <string>com.apple.security.pkcs1</string>
  <key>PayloadUUID</key>
  <string>41FDAD3B-4024-4ACF-AFB0-AE9462B586E4</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
  </dict>
  <dict>
  <key>PayloadCertificateFileName</key>
  <string>TestEAP.der</string>
  <key>PayloadContent</key>
  <data>
  </data>
  <key>PayloadDescription</key>
  <string>Authentifie l’appareil (certificat ou identité).</string>
  <key>PayloadDisplayName</key>
  <string>TestEAP</string>
  <key>PayloadIdentifier</key>
  <string>antoine2.reference2</string>
  <key>PayloadOrganization</key>
  <string></string>
  <key>PayloadType</key>
  <string>com.apple.security.root</string>
  <key>PayloadUUID</key>
  <string>C55E83E1-4C0D-4735-A158-FE05C83065E0</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
  </dict>
  <dict>
  <key>Password</key>
  <string>qwer</string>
  <key>PayloadCertificateFileName</key>
  <string>antoine.p12</string>
  <key>PayloadContent</key>
  <data>
  </data>
  <key>PayloadDescription</key>
  <string>Authentifie l’appareil (certificat ou identité).</string>
  <key>PayloadDisplayName</key>
  <string>antoine.p12</string>
  <key>PayloadIdentifier</key>
  <string>antoine2.reference</string>
  <key>PayloadOrganization</key>
  <string></string>
  <key>PayloadType</key>
  <string>com.apple.security.pkcs12</string>
  <key>PayloadUUID</key>
  <string>680D4DB3-6196-471D-95AF-6EA0A1B6AF58</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
  </dict>
  </array>
  <key>PayloadDescription</key>
  <string>Description du profil.</string>
  <key>PayloadDisplayName</key>
  <string>antoine2</string>
  <key>PayloadIdentifier</key>
  <string>antoine2</string>
  <key>PayloadOrganization</key>
  <string></string>
  <key>PayloadRemovalDisallowed</key>
  <false/>
  <key>PayloadType</key>
  <string>Configuration</string>
  <key>PayloadUUID</key>
  <string>A1C6BF16-CE1A-4D64-B315-9DD72400E3C4</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
</dict>
</plist>


Thanks for reading

iPad 2, iOS 8.1

Posted on Apr 21, 2015 7:47 AM

Reply
Question marked as Best reply
User profile for user: whitx
whitx Author
User level: Level 1
0 points

Posted on Apr 24, 2015 6:49 AM

Found the issue a Key ref was missing , PayloadCertificateUUID(In the WiFi payload), to precise which certificate to use while imitate the connection on EAP-TLS. On Mac os you get prompted to chose this one if not set, but on IOS you just cannot connect.

View in context
2 replies
Question marked as Best reply
User profile for user: whitx
whitx Author
User level: Level 1
0 points

Apr 24, 2015 6:49 AM in response to whitx

Found the issue a Key ref was missing , PayloadCertificateUUID(In the WiFi payload), to precise which certificate to use while imitate the connection on EAP-TLS. On Mac os you get prompted to chose this one if not set, but on IOS you just cannot connect.

Reply
User profile for user: rccharles
rccharles
User level: Level 6
12,957 points

Apr 24, 2015 12:01 PM in response to whitx

Couldn't you use the free mdm -- meraki to generate the profile?


Meraki -- A free MDM [ expect lots of email and phone calls about upgrades ]

Read the product overview. Click on "get started now" to sign up.

https://meraki.cisco.com/products/systems-manager/?ref=YZRzCR

Video's on how to setup and use Meraki.

https://meraki.cisco.com/blog/2012/08/how-to-get-the-most-from-meraki-systems-ma nager/

Reply

mobileconfig issue with ipad

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up