Security

last person joined: yesterday 

Enterprise security using ClearPass Policy Management, ClearPass Security Exchange, IntroSpect, VIA, 360 Security Exchange, Extensions and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

anyone have issue with Clearpass and OS X 10.9? Can successfully install profile.

This thread has been viewed 0 times
  • 1.  anyone have issue with Clearpass and OS X 10.9? Can successfully install profile.

    Posted Sep 26, 2013 06:00 PM

    anyone have issue with Clearpass and OS X 10.9?  Can successfully install profile.



  • 2.  RE: anyone have issue with Clearpass and OS X 10.9? Can successfully install profile.

    Posted Sep 26, 2013 07:52 PM

    Do you have a public server certificate?

     



  • 3.  RE: anyone have issue with Clearpass and OS X 10.9? Can successfully install profile.

    Posted Nov 18, 2013 06:22 AM

    Hi,

     

    Will Clearpass 3.9.16, support Mac OS X 10.9?



  • 4.  RE: anyone have issue with Clearpass and OS X 10.9? Can successfully install profile.

    Posted Nov 18, 2013 06:17 PM

    You need to be running the latest CPPM "ClearPass Policy Manager 6.2.3.57998"



  • 5.  RE: anyone have issue with Clearpass and OS X 10.9? Can successfully install profile.

    Posted Nov 20, 2013 09:55 PM
    We are running the latest version of CPPM.

    We have a problem onboarding 10.9 macs.

    We are currently using using a self signed certificate. We do push a user name and password, rather than use tls, to Apple devices.

    Any thoughts?

    I am going to try pushing tls to a 10.9 mac tomorrow.


  • 6.  RE: anyone have issue with Clearpass and OS X 10.9? Can successfully install profile.

    Posted Nov 20, 2013 10:21 PM
    Laptopbrent,

    The Onboarding process requires two main certificates: (1) the CPPM server certificate which Must be a public cert trusted by all IOS devices, because that is how the profile is pushed (2) the onboard CA cert, which can be self signed. What do you have?


  • 7.  RE: anyone have issue with Clearpass and OS X 10.9? Can successfully install profile.

    Posted Nov 21, 2013 12:07 AM
      |   view attached

    Our Server certificate is signed by the clearpass onboard local CA.

     

    Yes we realize this is not ideal.  The only issues we have are onbaording mac 10.9.  Onboariding other supported device si fine. issue.

     

    I have attatched a screen shot of the error when someone tries to install a profile in 10.9.

     

     



  • 8.  RE: anyone have issue with Clearpass and OS X 10.9? Can successfully install profile.

    Posted Nov 21, 2013 12:18 AM

    @laptopbrent wrote:

    Our Server certificate is signed by the clearpass onboard local CA.

     

    Yes we realize this is not ideal.  The only issues we have are onbaording mac 10.9.  Onboariding other supported device si fine. issue.

     

    I have attatched a screen shot of the error when someone tries to install a profile in 10.9.

     

     


    Let me be clear:  To even push a profile successfully to a device over https, the server certificate must be public and trusted by IOS.  That is separate from the from the Onboard CA that actually issues the device certificate; that can be self-signed.  If your server certificate is not public and trusted by IOS, you will get that error.

     

    If you uncheck "require https for guest access" and start redirecting onboard users to the http version of the website and it works, not having a public certificate is the issue.  If the http version of the website does not work, you have different problem and you should contact support:

    onboard.png



  • 9.  RE: anyone have issue with Clearpass and OS X 10.9? Can successfully install profile.

    Posted Nov 21, 2013 12:25 AM

    Again like I stated in the begginging.  We are not ideal here. I am not using a public cert.  So I cannot and am not using https, we are using http.

     

     



  • 10.  RE: anyone have issue with Clearpass and OS X 10.9? Can successfully install profile.

    Posted Nov 21, 2013 12:28 AM

    laptopbrent,

     

    There could be a number of things that are wrong that support would be able to go through with you.  We only wanted to highlight the most common one.  I suggest you contact support, because users guessing on this forum would be painful, indeed.



  • 11.  RE: anyone have issue with Clearpass and OS X 10.9? Can successfully install profile.

    Posted Dec 02, 2013 03:08 AM

    I'm having the same problem with OS X 10.9. Did you manage to solve this ?

     

    Best regards,

     

    Jan



  • 12.  RE: anyone have issue with Clearpass and OS X 10.9? Can successfully install profile.

    Posted Dec 02, 2013 03:14 AM

    A lot of people have been able to get it working. As stated in the email chain it could be something as simple as getting a public cert which the user didn't have to make sure you have HTTPS enabled on the redirect. 

     

    You should

     

    1. Make sure you double check your provisioning settings

    2. Have HTTPS enabled on CPPM and the controller

    3. Have a public cert on CPPM

    4. Find out if the error is on the client or CPPM

    5. Depending on what the error is then post it here and if its a simple fix then one of us can walk you trough a fix