Hello,
We were running with ClearPass Policy Manager 6.0.2 for quite a while.
We recently upgraded to version 6.1.2.
While testing this new CPPM I noticed that the option to install the 'Root Certificate' during the Apple Onboard process was missing. This option usually appeared as Step 1.
I went in and looked at the code and found this...
{if $client_require_root}
<strong>{counter}.</strong> {nwa_iconlink icon="images/icon-certificate22.png" text="Install root certificate (click here)"}{nwa_mdps_config name=root_cert}{/nwa_iconlink}{nwa_mdps_config name=root_cert_warning}<br>
{/if}
During my test I never received the option to install the 'Root Certificate' and subsequently I received the 'Unverified Profile' warning from the Apple device.
I went in and simply deleted the 'if' statement part which brought back the option to install the 'Root Certificate' which solved the 'Unverified Profile' warning.
I was curious if there is any negative impact to me removing the 'if' statement to ensure that the option to install the 'Root Certificate' is there no matter what?
The Onboard process works either way, but I think based on our used base it would be better if there wasn't this 'Unverified Profile' message.
I should mention that we are using a Local CA on the CPPM Onboard, it is not an intermediate and not signed by any Commercial CA's.
We do have a Commercial CA for the CPPM (Apache) side though.
Thank you,
Cheers