Security

 View Only
last person joined: 22 hours ago 

Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).
Expand all | Collapse all

MacBook with Microsoft CA server Certificate Based Authentication

This thread has been viewed 32 times
  • 1.  MacBook with Microsoft CA server Certificate Based Authentication

    Posted Sep 14, 2023 11:44 AM

    Hi,

    We have successfully deployed EAP-TEAP with Windows machine (Wired so far) and would like to deploy the same on MacBook as well (if not TEAP, then at least machine/user certificate based). Appreciate can someone please provide any documents or guidance for deploying Microsoft certificates to MacBook to use for 802.1x wired and wireless.

    Thank you



  • 2.  RE: MacBook with Microsoft CA server Certificate Based Authentication

    Posted Sep 15, 2023 09:50 AM

    Hi

    I'm not sure if it's possible to get both machine and user authentication with MacBooks. I think they only perform user authentication and doesn't have the concept of machine authentication as the Windows computer. TEAP is not supported on MAC OS, so you have to run EAP-TLS.

    To distribute certificates you need to have a CA with SCEP and manage the computers in a MDM tool like JAMF or Intune. In the MDM tool configure a SCEP profile to get the machine to request a certificate and the needed wired/wireless 802.1x profiles utilizing the certificate.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP 2023, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACDP , ACEP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------



  • 3.  RE: MacBook with Microsoft CA server Certificate Based Authentication

    Posted Sep 15, 2023 11:59 AM

    Hi Jonas,

    Thanks for your reply. I am fine even just with EAP-TLS (machine or user cert) with MacOS. What I wanted to know any document or reference how to distribute certificate and profile to MacBook, we have Intune as MDM. 

    Regards,




  • 4.  RE: MacBook with Microsoft CA server Certificate Based Authentication

    Posted Sep 16, 2023 08:25 AM

    Hi

    I don't know if there are any specific documentation for how to implement this on MacOS, but I have implemented the same function on Windows based on the ClearPass and Intune integration documents on ASP, https://asp.arubanetworks.com/downloads;search=intune;products=Aruba%20ClearPass%20Policy%20Manager%20%28CPPM%29

    One of my customers where we first implemented the Windows settings in Intune later implemented the same for MacOS on thier own. So I suppose you can work with this document as a guide as the concept is the same for both Mac and Windows. Just a few smaller differences in the settings.



    ------------------------------
    Best Regards
    Jonas Hammarbäck
    MVP 2023, ACCX #1335, ACX-Network Security, Aruba SME, ACMP, ACDP , ACEP, ACSA
    Aranya AB
    If you find my answer useful, consider giving kudos and/or mark as solution
    ------------------------------