Security

Reply
New Contributor

User Certificates on VIA 3.0.3 for iOS 12

Hello folks, first time poster long time lurker.

 

We currently use VIA for our VPN solution with user certificates (Internal AD CA) as part of the authentication. We have had no issues with Windows 10 and MacOS (Mojave)

 

We've had some business requests to investigate iPads for staff to use in place laptops. I've seen and published through Jamf the latest VIA client for the iPad. When the client picks up the profile, it prompts for the user certificate that I have already preloaded on the iPad through configuration manager. It doesn't allow me to select the certificate and its requesting a URL and Password for the file. Believe this was an iOS 12.x change

 

I'm not sure now where to go with this. Reading the changelog for the application, it references the VIA Certificate Store. I'm not sure if this is part of ClearPass or if I need to add this into our 7205 controllers.

 

I'm rather green at this so any thoughts or advice anyone could provide, it would be greatly appreciated.

 

 

New Contributor

Re: User Certificates on VIA 3.0.3 for iOS 12

We are facing the same problem.

Our certificate is in the profile and can be used for wifi connections but doesn't appear in the certificate selection page of the via client.

With eap-mschapv2 the connection can be established.

 

If someone have any kind of advice to this topic it would be greatly appreciated.

New Contributor

Re: User Certificates on VIA 3.0.3 for iOS 12

I had actually opened a ticket with Aruba on the issue. Two weeks later they came back with spin up a web server and deploy the cert that way.

 

I enabled IIS on my workstation and dropped the required cert into the main site folder. With the iOS device, when Via prompted, i put in the URL of the web server with the cert name:

 

http://<workstation name/IP>\<name of cert>.pfx

 

Put in the password and it should download the cert and allow the app to continue.

When I'm done, I stop IIS so that I dont have a rogue webserver on the network.

 

Alot of this has to do with the iOS 12 changes and apps having access to some of the certificate stores.

 

Hope this helps you out, let me know.

New Contributor

Re: User Certificates on VIA 3.0.3 for iOS 12

I had actually opened a ticket with Aruba on the issue. Two weeks later they came back with spin up a web server and deploy the cert that way.

 

I enabled IIS on my workstation and dropped the required cert into the main site folder. With the iOS device, when Via prompted, i put in the URL of the web server with the cert name:

http://computer\certname.pfx

 

Put in the password and it should download the cert and allow the app to continue.

When I'm done, I stop IIS so that I dont have a rogue webserver on the network.

 

Alot of this has to do with the iOS 12 changes and apps having access to some of the certificate stores.

 

Hope this helps you out, let me know.

New Contributor

Re: User Certificates on VIA 3.0.3 for iOS 12

Hello,

is there any progress in this topic?

We evaluate the via client and the webserver workaround isn’t an option for a few hundred devices.

 

Please let me know if you have any ideas.

New Contributor

Re: User Certificates on VIA 3.0.3 for iOS 12

The issue appears to be due to a change with iOS12.... This was what the tech sent me before I closed the case:

 

The VPN framework has been changed by Apple with the introduction of IOS 12. Aruba has to rewrite the APP to adhere to the standards of APPLE, Please refer the below Airheads link
 
https://community.arubanetworks.com/t5/Security/Aruba-VIA-Requires-Upgrade-in-iOS12/td-p/466983
 
To let you know, this change to common to any Apple device moving to IOS 12, IPADs as well as Iphones. As of now the option is to upload the certificate with private key to a downloadable location in the Network so that the VIA can reach it over HTTP

We had this discussed with our Development team as well and as of now the only way to get the certificate is using the certificate downloader option

 

Maybe reach out to their support and see if anything has changed since Dec 2018.

 

Best of luck friend.

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: