Security

Reply
#MJ
Occasional Contributor I

CPPM Onboarding iOS 11.3.1 - profile & certificate installation failure after pre-auth

Hello all

 

Making a long story short:

 

CPPM 6.6 and second CPPM 6.7 with all newest updates + CTRL 7005 6.5.4.3

and 

iPhone X iOS 11.3.1 / Windows 10 1803 / Android 6

 

Windows onboarding - no problems

Android onboarding via QC - no problems

iOS - 8 weeks before no problems at all, now I cannot OB any new iOS.

 

I am not sure when exactly issue has started, however

when I was trying re-provision iPhone X again after pre-auth phase

I cannot push certificates and profile to iOS.

 

I am using Dual SSID OB

https certificate is GeoTrust

radius certificate is self-signed however it should not matter cause

radius cert will be used after onboarding process when devices are switched to secure SSID with EAP-TLS

onboarding SSID is open.

 

Please advice and if additional screens or config parts are needed just let me know.

 

Maybe somebody have a similar issue?

 

Like I wrote I tested it before with lower version of iOS with the same config without any problem.

 

Right know I cannot rollback to iOS 11.2.6 because is not signed by Apple anymore, and I cannot OB any new iOS devices.

 

Help ... :/2018-05-19 19.02.19.pngpre-auth

 

2018-05-18 23.38.28.pngcertificate

 

2018-05-18 23.48.58.pngprofile

 

pre-auth.PNGpre-auth

 

Contributor I

Re: CPPM Onboarding iOS 11.3.1 - profile & certificate installation failure after pre-auth

Try to use Safari instead of the mini browser.
Willem Bargeman
ACMX#935 | ACCX #822
#MJ
Occasional Contributor I

Re: CPPM Onboarding iOS 11.3.1 - profile & certificate installation failure after pre-auth

Hello

Thank You for prompt answer.

It is only partial solution to get rid of mini browser, however is working now.

Setup looks like below.

Any other suggestion?

Will appreciated it.

Web Login Page.PNGProvisioning Settings.PNG

 

 

Contributor I

Re: CPPM Onboarding iOS 11.3.1 - profile & certificate installation failure after pre-auth

Hi,

This is the best solution.
In the controllers there is also a option to bypass the captive portal assistence but that’s all we can do

Regards,
Willem Bargeman
ACMX#935 | ACCX #822
#MJ
Occasional Contributor I

Re: CPPM Onboarding iOS 11.3.1 - profile & certificate installation failure after pre-auth

Thank You Willem.

 

However all we can do is .... acceptable solution? :)

 

I hope next iOS update will fix mini browser.

 

It was working before and maybe will be in the future.

 

Thank You

BR

Guru Elite

Re: CPPM Onboarding iOS 11.3.1 - profile & certificate installation failure after pre-auth

The Onboard process has never (and likely will never) work in any mini browser on any operating system.


Tim Cappalli | Aruba Security
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
#MJ
Occasional Contributor I

Re: CPPM Onboarding iOS 11.3.1 - profile & certificate installation failure after pre-auth

Tim

 

Was working … on Android by moving OB Captive Portal to separate SSID and putting google store addresses in walled garden list on CTRL to allow download QC.

 

Yes .. they didn’t use mini browser for captive portal, however for iOS mini was working without any problems.

iOS went down after iOS 11.3.1 upgrade … in lab I checked iOS 9.4 and 10.2 .. and they are still working with captive network assistant … for today … shame on you Apple iOS :D

mkk
Contributor II

Re: CPPM Onboarding iOS 11.3.1 - profile & certificate installation failure after pre-auth

Https cert is not from geotrust. It is selfsigned!

Common Name:cppm.sindrom.pl
Organization:
Valid: May 21, 2018 to May 21, 2019
Issuer: cppm.sindrom.pl
#MJ
Occasional Contributor I

Re: CPPM Onboarding iOS 11.3.1 - profile & certificate installation failure after pre-auth

nope ....

selfsigned = radius

https = rapidssl = geotrust 

 

cert 2.PNGcert 1.PNG

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: