04-13-2015 09:22 AM - edited 07-05-2021 02:54 AM
When users connect to my companiees wireless, which authenicates using a Windows 2008 RADIUS server, they're prompted to accept a server certificate. I'd like to install a trusted SSL and prevent users from having to accept a cert every time they connect. This primarily happens on ipad/iphone devices.
How do I go about doing this? Do this on the controller? Or on the Radius server?
Wireless Controller: 5508
Thank you
04-13-2015 09:44 AM
On Apple devices you will need to push a profile to each device. In side this profile will be the confirmation of trust which will negate the need to accept. Normally you only have to accept the first time. Connections after that should be trusted ..
04-13-2015 09:45 AM
I think with Apple, you need to accept the cert the first time, even if you install the root ca. Like George mentioned, its only a one time accept.
-Scott
04-13-2015 09:53 AM
In our deployment we discovered the profile negates the first time accept ..
04-13-2015 09:55 AM
Never worked for me:) Was your cert one of the trusted root CA's by chance?
-Scott
04-16-2015 08:07 AM
Thank you George
Do you know a of procedure on how to implement this?
04-16-2015 11:10 AM
Here is the solution:
If you have iOS devices—iPhones, iPads, or iPod Touchs—or Mac OS Lion machines on the network, you may want to use the iPhone Configuration Utility (iPCU) to help distribute the wireless settings to them. Apple offers the utility for both Windows and Mac OS X.
You can use the iPCU to create, encrypt, maintain, and install XML-based configuration profiles. In addition to Wi-Fi settings, these profiles can contain device security policies, VPN configuration, MS Exchange and email settings, and digital certificates. You can create profiles for specific users, groups, or a profile for all. You can either install the profiles directly from the computer running the iPCU or distribute the .mobile config. file via other means.
Note:This is one time process after distribution the profiles will be saved to the devices .
Mark it as correct if this resolve your issue.
05-05-2015 02:32 AM
Hi,
Please configure in your wireless domain GPO. Select appropriate authority in Trusted Root Certification Authorities and select Do not prompt user to authorize new servers or trusted certification authorities option.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide