Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Corporate Tablet (iOS/Android) access (802.1x) via TLS and ClearPass

  • 1.  Corporate Tablet (iOS/Android) access (802.1x) via TLS and ClearPass

    Posted Mar 24, 2021 01:04 PM
    Hello,

    Is there a tutorial or document that describes the best practice for configuring ClearPass to connect corporate-owned iOS and Android devices to our wireless network via EAP-TLS (Certificate - 802.1x)?

    We don't want to use the onboarding service because these devices are not BYOD devices.

    ------------------------------
    Peter Van Rietvelde
    ------------------------------


  • 2.  RE: Corporate Tablet (iOS/Android) access (802.1x) via TLS and ClearPass

    Posted Mar 24, 2021 05:12 PM
    Do you guys have an internal PKI issuing certificates?
    Are these mobile devices managed via an MDM solution?

    ------------------------------
    Victor Fabian, ACEX#8
    Mobility Architect @ WEI
    ------------------------------



  • 3.  RE: Corporate Tablet (iOS/Android) access (802.1x) via TLS and ClearPass

    Posted Mar 25, 2021 03:43 AM
    Yes, we have our own PKI infrastructure and we have an MDM infrastructure. But the problem/clarification we have is on the ClearPass side.

    ------------------------------
    Peter Van Rietvelde
    ------------------------------



  • 4.  RE: Corporate Tablet (iOS/Android) access (802.1x) via TLS and ClearPass

    Posted Mar 25, 2021 08:53 AM
    Since you already have an MDM solution in place, you can configure your MDM solution to request a certificate against your PKI on behalf of the device (this will be the best approach).
    What is your concern on the ClearPass side?

    ------------------------------
    Victor Fabian, ACEX#8
    Mobility Architect @ WEI
    ------------------------------



  • 5.  RE: Corporate Tablet (iOS/Android) access (802.1x) via TLS and ClearPass

    Posted Mar 25, 2021 09:05 AM
    The certificate is OK via MDM, but how does the service in ClearPass need to be configured?

    EAP-TLS of course, but authentication source??? Since those tablets are not members of our AD, what do you choose then?

    ------------------------------
    Peter Van Rietvelde
    ------------------------------



  • 6.  RE: Corporate Tablet (iOS/Android) access (802.1x) via TLS and ClearPass

    Posted Mar 25, 2021 09:16 AM
    You can use the ClearPass local source
    and create a policy based on the certificate attributes.

    ------------------------------
    Victor Fabian, ACEX#8
    Mobility Architect @ WEI
    ------------------------------



  • 7.  RE: Corporate Tablet (iOS/Android) access (802.1x) via TLS and ClearPass

    Posted Mar 25, 2021 10:28 AM
    When I choose Local Database as authentication I get the following:

    Alerts for this Request 
    RADIUS [Local User Repository] - localhost: User not found.
    EAP-TLS: Authentication failure, unknown user


    ------------------------------
    Peter Van Rietvelde
    ------------------------------



  • 8.  RE: Corporate Tablet (iOS/Android) access (802.1x) via TLS and ClearPass

    Posted Mar 25, 2021 10:37 AM
    Make sure to disable "Authorization Required" under the TLS authentication type.

    ------------------------------
    Victor Fabian, ACEX#8
    Mobility Architect @ WEI
    ------------------------------



  • 9.  RE: Corporate Tablet (iOS/Android) access (802.1x) via TLS and ClearPass

    Posted Mar 25, 2021 11:12 AM
    Apparently the config below did the trick (on the MDM side):

    On the MDM side, the WiFi configuration required all of the names on the certificate, including CN and ALL SANs, which apparently sounds like an iOS requirement.

    ------------------------------
    Peter Van Rietvelde
    ------------------------------
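
As an added example (not code from the thread or from HPE Aruba), a pre-deployment check that a Wi-Fi profile lists every name on the certificate, which is the gap the last post describes. It assumes the names in question are those on the RADIUS server certificate and that the MDM pushes an Apple configuration profile; the SSID, hostnames and function name are constructed.

```python
import plistlib

EAP_TLS = 13  # EAP method type number for EAP-TLS

# Constructed sample profile (hypothetical SSID and hostnames), shaped like
# an Apple Wi-Fi payload (PayloadType com.apple.wifi.managed).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
 <key>PayloadContent</key><array><dict>
  <key>PayloadType</key><string>com.apple.wifi.managed</string>
  <key>SSID_STR</key><string>CORP-TABLETS</string>
  <key>EAPClientConfiguration</key><dict>
   <key>AcceptEAPTypes</key><array><integer>13</integer></array>
   <key>TLSTrustedServerNames</key><array>
    <string>radius.example.internal</string>
   </array>
  </dict>
 </dict></array>
</dict></plist>"""

# Constructed: CN and SANs as read off the RADIUS server certificate.
SERVER_CERT_NAMES = {
    "cn": "radius.example.internal",
    "sans": ["radius.example.internal", "cppm1.example.internal",
             "cppm2.example.internal"],
}

def missing_trusted_names(profile_bytes, cert_names):
    """Return {ssid: [certificate names absent from TLSTrustedServerNames]}."""
    wanted = {cert_names["cn"].lower(), *(s.lower() for s in cert_names["sans"])}
    report = {}
    for payload in plistlib.loads(profile_bytes).get("PayloadContent", []):
        if payload.get("PayloadType") != "com.apple.wifi.managed":
            continue  # not a Wi-Fi payload
        eap = payload.get("EAPClientConfiguration", {})
        if EAP_TLS not in eap.get("AcceptEAPTypes", []):
            continue  # not an EAP-TLS network
        # Exact, case-insensitive comparison; wildcard entries are not expanded.
        trusted = {n.lower() for n in eap.get("TLSTrustedServerNames", [])}
        gaps = sorted(wanted - trusted)
        if gaps:
            report[payload.get("SSID_STR", "<no SSID>")] = gaps
    return report

if __name__ == "__main__":
    for ssid, gaps in missing_trusted_names(SAMPLE_PROFILE, SERVER_CERT_NAMES).items():
        print(f"{ssid}: add to trusted server names -> {', '.join(gaps)}")
```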