Govroam

The Roaming solution for the public sector


siteadmin:freeradius_certificate_tls_authentication

Differences

This shows you the differences between two versions of the page.

siteadmin:freeradius_certificate_tls_authentication [2021/05/07 07:55] admin
siteadmin:freeradius_certificate_tls_authentication [2021/05/07 08:11] (current) – [Apple MacOS configuration] admin
Line 29: Line 29:
  
 The ca_file is actually used to authenticate the clients in the same way as above. When the client sends the certificate the server uses the Root CA to prove that the client is derived from the PKI.  The ca_file is actually used to authenticate the clients in the same way as above. When the client sends the certificate the server uses the Root CA to prove that the client is derived from the PKI. 
 +
 +=====eapol_test configuration=====
 +
 +Using eapol_test is the easiest and most reliable way to test EAP-TLS
 +
 +<code>
 +network={
 +    ssid="govroam"
 +    key_mgmt=WPA-EAP
 +    eap=TLS
 +    identity="<Outer ID>"
 +    ca_cert="<CA Certificate>"
 +    client_cert="<Client Certificate>"
 +    private_key="<Client Key>"
 +    eapol_flags=3
 +}
 +</code>
 +
 +=====Apple MacOS configuration=====
 +
 +ProfileCreator and the CAT aren't good enough to generate suitable mobileconfig files. ProfileCreator doesn't appear to include the right fields and the CAT can't deploy client certificates.
 +
 +The only way appears to be to use Apple Configurator 2.
 +
 +Create a profile that contains the client certificate, the root CA certificate and the wireless configuration for the SSID. The certificates must be in PKCS12 format with a password. The wireless configuration sets the SSID, the security type (WPA2 Enterprise), EAP Type of TLS and the identity certificate.
 +
 +{{:siteadmin:screenshot_2021-05-07_at_09.08.41.png?direct&400|}}
 +
 +{{:siteadmin:screenshot_2021-05-07_at_09.09.02.png?direct&400|}}
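
Review bot: The network block added under "eapol_test configuration" sets ca_cert but no server name constraint, so the test accepts any server certificate issued under that CA; consider adding a line such as domain_suffix_match="<RADIUS server name>" so the test also checks the server's identity. If the key referenced by private_key="<Client Key>" is encrypted, the block also needs private_key_passwd, and the section would be easier to follow if it showed the eapol_test command that consumes this file. In the "Apple MacOS configuration" text, "The certificates must be in PKCS12 format with a password" reads as covering the root CA certificate as well as the client certificate; it would help to state whether the requirement applies only to the client identity, and whether the wireless payload should also list the trusted server certificate.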
siteadmin/freeradius_certificate_tls_authentication.1620374149.txt.gz · Last modified: 2021/05/07 07:55 by admin