ISE ECC support for iOS

ppoggi · ‎05-02-2018

Hi team,

still in ISE 2.4 compatibility matrix it is said that in case of ECC certificate Apple iOS does not natively support ECC for EAP-TLS authentication. Anyone knows if this can be achieved using alternative methods, e.g. via a supplicant or 3rd party app?

Thanks,

Paolo

hslai · ‎05-02-2018

Nope. Apple iOS 10.x has not yet been supporting identity certificates with ECC keys for EAP-TLS.

ppoggi · ‎05-03-2018

Hi,

thanks for your reply.

If I'm not mistaken latest iOS release is 11.3.x.

Any known app that could overcome this limitation?

Regards,

Paolo

hslai · ‎05-03-2018

No. Apple iOS is using the native supplicant for DOT1X and that is supporting such currently.

hslai · ‎06-15-2018

It seems to work when I tried it again on my iOS 11.4 device. I used ISE internal CA with ECC P-521 and ISE certificate provisioning portal to generate key+certificate in .p12. Then, I used Apple Configurator 2 to create a new config profile, to import the identity cert and the PSN certificate, and to configure a WiFi with TLS with the ID certificate and trust the PSN certificate. I just emailed it to myself and opened it on my iOS device to import it as a profile.

Thus, it would probably work using ISE BYOD as well. I will ask around or try that later.