Add trusted server name and certificate to configuration profile for 802.1X EAP-TLS authentication
I run a small network which uses WPA2-Enterprise WiFi with 802.1X EAP-TLS authentication. I don't have access to Mac OS X and have successfully generated mobileconfig profiles using a text editor which allow the iOS devices to connect to my WiFi network using EAP-TLS authentication. However, when the device connects it still prompts the user to verify and accept the identity of the RADIUS server.
Reading through the Configuration Profile Reference, my understanding is that I can use the TLSTrustedServerNames and PayloadCertificateAnchorUUID keys in the EAPClientConfiguration dictionary to prevent the device from asking if the certificate is to be trusted. However, when I add these keys to the configuration profile the devices will not connect to the wireless network. I've tried a combination of using both TLSTrustedServerNames and PayloadCertificateAnchorUUID keys individually. I've also tried specifying the UUID of both my CA and RADIUS server certificates, which I've included in the configuration profile.
My working WiFi payload is as follows:
<dict>
    <key>PayloadIdentifier</key>
    <string>net.mydomain.subdomain.wifi.conf1</string>
    <key>PayloadUUID</key>
    <string>unique UUID for payload</string>
    <key>PayloadType</key>
    <string>com.apple.wifi.managed</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>SSID_STR</key>
    <string>MYWIFISSID</string>
    <key>AutoJoin</key>
    <true/>
    <key>EncryptionType</key>
    <string>WPA</string>
    <key>EAPClientConfiguration</key>
    <dict>
        <key>AcceptEAPTypes</key>
        <array>
            <integer>13</integer>
        </array>
    </dict>
    <key>PayloadCertificateUUID</key>
    <string>UUID of my client certificate</string>
    <key>ProxyType</key>
    <string>Auto</string>
    <key>ProxyPACURL</key>
    <string>http://wpad.subdomain.mydomain.net/proxy.pac</string>
    <key>ProxyPACFallbackAllowed</key>
    <true/>
</dict>
I have attempted the following configuration, but it does not allow the devices to connect:
<dict>
    <key>PayloadIdentifier</key>
    <string>net.mydomain.subdomain.wifi.conf1</string>
    <key>PayloadUUID</key>
    <string>unique UUID for payload</string>
    <key>PayloadType</key>
    <string>com.apple.wifi.managed</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
    <key>SSID_STR</key>
    <string>MYWIFISSID</string>
    <key>AutoJoin</key>
    <true/>
    <key>EncryptionType</key>
    <string>WPA</string>
    <key>EAPClientConfiguration</key>
    <dict>
        <key>AcceptEAPTypes</key>
        <array>
            <integer>13</integer>
        </array>
        <key>TLSTrustedServerNames</key>
        <array>
            <string>server.subdomain.mydomain.net</string>
        </array>
        <key>PayloadCertificateAnchorUUID</key>
        <array>
            <string>UUID of CA certificate</string>
            <string>UUID of server certificate</string>
        </array>
    </dict>
    <key>PayloadCertificateUUID</key>
    <string>UUID of my client certificate</string>
    <key>ProxyType</key>
    <string>Auto</string>
    <key>ProxyPACURL</key>
    <string>http://wpad.subdomain.mydomain.net/proxy.pac</string>
    <key>ProxyPACFallbackAllowed</key>
    <true/>
</dict>
Any assistance would be greatly appreciated.
iPad 2, iOS 8.4.1
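
A consistency check for the keys discussed in the post, as an added example that is not part of the original post: it parses an unsigned profile and reports PayloadCertificateAnchorUUID or PayloadCertificateUUID values that do not match the PayloadUUID of any certificate payload in the same profile. The function names, the sample UUIDs and the `sample_profile` helper are assumptions made for the illustration.

```python
import plistlib

# Certificate payload types listed in Apple's Configuration Profile Reference.
CERT_TYPES = {"com.apple.security.root", "com.apple.security.pkcs1",
              "com.apple.security.pem", "com.apple.security.pkcs12"}

def lint_wifi_trust(profile_bytes):
    """Return problems found in the EAP server-trust keys of each Wi-Fi payload."""
    payloads = plistlib.loads(profile_bytes).get("PayloadContent", [])
    cert_uuids = {p.get("PayloadUUID") for p in payloads
                  if p.get("PayloadType") in CERT_TYPES}
    problems = []
    for p in payloads:
        if p.get("PayloadType") != "com.apple.wifi.managed":
            continue
        ssid = p.get("SSID_STR", "?")
        eap = p.get("EAPClientConfiguration", {})
        anchors = eap.get("PayloadCertificateAnchorUUID", [])
        names = eap.get("TLSTrustedServerNames", [])
        if not isinstance(anchors, list) or not isinstance(names, list):
            problems.append(f"{ssid}: trust keys must be arrays")
            continue
        if not anchors and not names:
            problems.append(f"{ssid}: no trust anchors or server names set")
        for uuid in anchors:
            if uuid not in cert_uuids:
                problems.append(f"{ssid}: anchor {uuid} matches no certificate payload")
        identity = p.get("PayloadCertificateUUID")
        if identity is not None and identity not in cert_uuids:
            problems.append(f"{ssid}: identity {identity} matches no certificate payload")
    return problems

def sample_profile(anchors):
    # Constructed sample profile; UUIDs and certificate bytes are placeholders.
    ca = {"PayloadType": "com.apple.security.root",
          "PayloadUUID": "CA-UUID-CONSTRUCTED", "PayloadContent": b"placeholder"}
    ident = {"PayloadType": "com.apple.security.pkcs12",
             "PayloadUUID": "ID-UUID-CONSTRUCTED", "PayloadContent": b"placeholder"}
    wifi = {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "MYWIFISSID",
            "PayloadCertificateUUID": "ID-UUID-CONSTRUCTED",
            "EAPClientConfiguration": {
                "AcceptEAPTypes": [13],
                "TLSTrustedServerNames": ["server.subdomain.mydomain.net"],
                "PayloadCertificateAnchorUUID": anchors}}
    return plistlib.dumps({"PayloadContent": [ca, ident, wifi]})

if __name__ == "__main__":
    for line in lint_wifi_trust(sample_profile(["CA-UUID-CONSTRUCTED", "TYPO-UUID"])):
        print(line)
```

A signed profile is wrapped in a CMS envelope and has to be unwrapped before `plistlib` can read it.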