Security

last person joined: 14 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Back to discussions
Expand all | Collapse all

CPPM Onboarding iOS 11.3.1 - profile & certificate installation failure after pre-auth

This thread has been viewed 1 times

  • 1.  CPPM Onboarding iOS 11.3.1 - profile & certificate installation failure after pre-auth

    Posted May 20, 2018 05:47 AM

    Hello all

     

    Making a long story short:

     

    CPPM 6.6 and second CPPM 6.7 with all newest updates + CTRL 7005 6.5.4.3

    and 

    iPhone X iOS 11.3.1 / Windows 10 1803 / Android 6

     

    Windows onboarding - no problems

    Android onboarding via QC - no problems

    iOS - 8 weeks before no problems at all, now I cannot OB any new iOS.

     

    I am not sure when exactly issue has started, however

    when I was trying re-provision iPhone X again after pre-auth phase

    I cannot push certificates and profile to iOS.

     

    I am using Dual SSID OB

    https certificate is GeoTrust

    radius certificate is self-signed however it should not matter cause

    radius cert will be used after onboarding process when devices are switched to secure SSID with EAP-TLS

    onboarding SSID is open.

     

    Please advice and if additional screens or config parts are needed just let me know.

     

    Maybe somebody have a similar issue?

     

    Like I wrote I tested it before with lower version of iOS with the same config without any problem.

     

    Right know I cannot rollback to iOS 11.2.6 because is not signed by Apple anymore, and I cannot OB any new iOS devices.

     

    Help ... :/pre-authpre-auth

     

    certificatecertificate

     

    profileprofile

     

    pre-authpre-auth

     



  • 2.  RE: CPPM Onboarding iOS 11.3.1 - profile & certificate installation failure after pre-auth

    Posted May 20, 2018 10:46 AM
    Try to use Safari instead of the mini browser.


  • 3.  RE: CPPM Onboarding iOS 11.3.1 - profile & certificate installation failure after pre-auth

    Posted May 21, 2018 06:07 AM

    Hello

    Thank You for prompt answer.

    It is only partial solution to get rid of mini browser, however is working now.

    Setup looks like below.

    Any other suggestion?

    Will appreciated it.

    Web Login Page.PNGProvisioning Settings.PNG

     

     



  • 4.  RE: CPPM Onboarding iOS 11.3.1 - profile & certificate installation failure after pre-auth

    Posted May 21, 2018 11:23 AM
    Hi,

    This is the best solution.
    In the controllers there is also a option to bypass the captive portal assistence but that’s all we can do

    Regards,


  • 5.  RE: CPPM Onboarding iOS 11.3.1 - profile & certificate installation failure after pre-auth

    Posted May 22, 2018 08:27 AM

    Thank You Willem.

     

    However all we can do is .... acceptable solution? :)

     

    I hope next iOS update will fix mini browser.

     

    It was working before and maybe will be in the future.

     

    Thank You

    BR



  • 6.  RE: CPPM Onboarding iOS 11.3.1 - profile & certificate installation failure after pre-auth

    EMPLOYEE
    Posted May 22, 2018 11:35 AM

    The Onboard process has never (and likely will never) work in any mini browser on any operating system.



  • 7.  RE: CPPM Onboarding iOS 11.3.1 - profile & certificate installation failure after pre-auth

    Posted May 24, 2018 06:15 AM

    Tim

     

    Was working … on Android by moving OB Captive Portal to separate SSID and putting google store addresses in walled garden list on CTRL to allow download QC.

     

    Yes .. they didn’t use mini browser for captive portal, however for iOS mini was working without any problems.

    iOS went down after iOS 11.3.1 upgrade … in lab I checked iOS 9.4 and 10.2 .. and they are still working with captive network assistant … for today … shame on you Apple iOS :D



  • 8.  RE: CPPM Onboarding iOS 11.3.1 - profile & certificate installation failure after pre-auth

    MVP EXPERT
    Posted May 25, 2018 01:52 PM
    Https cert is not from geotrust. It is selfsigned!

    Common Name:cppm.sindrom.pl
    Organization:
    Valid: May 21, 2018 to May 21, 2019
    Issuer: cppm.sindrom.pl


  • 9.  RE: CPPM Onboarding iOS 11.3.1 - profile & certificate installation failure after pre-auth

    Posted May 28, 2018 06:01 AM

    nope ....

    selfsigned = radius

    https = rapidssl = geotrust 

     

    cert 2.PNGcert 1.PNG