Solved: BYOD not working on Apple iOS 10.3.x - CSCvd38467

Arne Bier · ‎05-16-2017

Hi

If this appeared since iOS 10.3.x why is it a Cisco bug? Can someone please provide a clear explanation of what this means to ISE 2.2 users and what has changed in iOS 10.3.x?

The 'Conditions' in the Bug ID seems to indicate that the PSN's need to install publically signed certificate for the purpose of BYOD onboarding.

thanks in advance

Jason Kunst · ‎05-17-2017

The bug is for documentation purposes stating the new flow for systems without certificates signed by a well known root

there is nothing for us to change in the product

View solution in original post

Jason Kunst · ‎05-17-2017

The bug is for documentation purposes stating the new flow for systems without certificates signed by a well known root

there is nothing for us to change in the product

Jason Kunst · ‎05-17-2017

Also this has nothing to do with the ISE release, its specifically an IOS 10.3 change in how Apple handles untrusted certificates

grant.maynard · ‎04-30-2018

Since Apple iOS 10.x, if you manually install a connection profile (as in BYOD) the root cert is not automatically trusted, instead you have to manually select "Enable full trust for root certificates" in Settings > General > About > Certificate Trust Settings. Then BYOD should work at the second attempt.

Apple recommend using Apple Configurator or Mobile Device Management (MDM) to install certs because root certs installed this way are automatically trusted.

There's an Apple doc (dated 2nd January 2018) explaining this - https://support.apple.com/en-us/HT204477.

So any BYOD process using a self-signed or internal root cert will run into this problem. This is why Cisco recommend using BYOD with a public cert from those already trusted by iOS - see https://support.apple.com/en-gb/HT20812 for iOS 11 or https://support.apple.com/en-gb/HT207177 for iOS 10.

So Cisco can't fix this, it's due to a change in Apple iOS.