Wireless Access


How Did You Get EAP-TLS Working?

  • 1.  How Did You Get EAP-TLS Working?

    Posted Apr 03, 2019 04:28 PM

    Has anybody successfully deployed EAP-TLS for an iOS and/or Android environment? Did you have to install specific public CA certificates on the phones? Were you able to get clients on iOS/Android to use private CA certificates? If not, how did you get the phones to trust the certs?

    There's a known issue with Android ignoring certs it doesn't trust and iOS asking the client if it chooses to trust the cert, and I'm curious what people here had to do in order to get EAP-TLS to work using iPhones and Androids. I see no way of sending a cert chain and forcing the phone to trust them via MDM.

    Thanks!



  • 2.  RE: How Did You Get EAP-TLS Working?

    Posted Apr 03, 2019 04:51 PM

    We have successfully deployed EAP-TLS with iPhones. I can tell you it works but unfortunately I can't tell you how we did it as another team manages the phones. I can tell you we use VMware Airwatch to deploy certificates. You might want to look into that and how they do it.



  • 3.  RE: How Did You Get EAP-TLS Working?

    Posted Apr 03, 2019 04:52 PM

    Thanks. Do you get asked whether or not to trust the cert (if you recall) or were you never asked as if it were automatically trusted?  What vendor?



  • 4.  RE: How Did You Get EAP-TLS Working?

    Posted Apr 03, 2019 04:59 PM
    Users do not get asked to trust the certificate. It is pushed down to the phones using profiles. We are using VMware Airwatch to manage and deploy the profiles. It is seamless to the user once the phone is onboarded. I've even had dual WLAN profiles pushed at the same time to migrate users to a new SSID. Almost no users noticed the change.

    Charlie Dean
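
An added example, not part of the original posts and not anyone's production profile: a small audit of an Apple configuration profile (.mobileconfig) that checks the Wi-Fi payload references a CA payload as its trust anchor, names the RADIUS server, and points at a client identity. The payload types and key names are Apple's configuration profile keys; the UUIDs, SSID and server name are constructed placeholders, and the sample profile is an assumption about what an MDM would push.

```python
import plistlib

WIFI = "com.apple.wifi.managed"
CA_TYPES = {"com.apple.security.root", "com.apple.security.pkcs1"}
IDENTITY_TYPES = {"com.apple.security.pkcs12", "com.apple.security.scep"}
EAP_TLS = 13  # EAP method type number for EAP-TLS

def audit_profile(profile_bytes):
    """Return a list of findings for every Wi-Fi payload in a .mobileconfig."""
    payloads = plistlib.loads(profile_bytes).get("PayloadContent", [])
    by_uuid = {p.get("PayloadUUID"): p.get("PayloadType") for p in payloads}
    findings = []
    for p in payloads:
        if p.get("PayloadType") != WIFI:
            continue
        ssid = p.get("SSID_STR", "?")
        eap = p.get("EAPClientConfiguration", {})
        if EAP_TLS not in eap.get("AcceptEAPTypes", []):
            findings.append(f"{ssid}: EAP-TLS (13) not in AcceptEAPTypes")
        anchors = eap.get("PayloadCertificateAnchorUUID", [])
        if not anchors:
            findings.append(f"{ssid}: no trust anchor pinned")
        for u in anchors:
            if by_uuid.get(u) not in CA_TYPES:
                findings.append(f"{ssid}: anchor {u} is not a CA payload here")
        if not eap.get("TLSTrustedServerNames"):
            findings.append(f"{ssid}: no TLSTrustedServerNames")
        if by_uuid.get(p.get("PayloadCertificateUUID")) not in IDENTITY_TYPES:
            findings.append(f"{ssid}: no client identity payload referenced")
    return findings

def sample_profile(pin_trust=True):
    """Constructed profile: private CA + client identity + Wi-Fi payload."""
    eap = {"AcceptEAPTypes": [EAP_TLS]}
    if pin_trust:
        eap["PayloadCertificateAnchorUUID"] = ["CA-UUID-PLACEHOLDER"]
        eap["TLSTrustedServerNames"] = ["radius.example.internal"]
    content = [
        {"PayloadType": "com.apple.security.root", "PayloadUUID": "CA-UUID-PLACEHOLDER",
         "PayloadContent": b"constructed placeholder, not a real certificate"},
        {"PayloadType": "com.apple.security.scep", "PayloadUUID": "ID-UUID-PLACEHOLDER"},
        {"PayloadType": WIFI, "PayloadUUID": "WIFI-UUID-PLACEHOLDER",
         "SSID_STR": "corp-example", "EncryptionType": "WPA2",
         "PayloadCertificateUUID": "ID-UUID-PLACEHOLDER", "EAPClientConfiguration": eap},
    ]
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": content})

if __name__ == "__main__":
    print(audit_profile(sample_profile(pin_trust=True)))
    print(audit_profile(sample_profile(pin_trust=False)))
```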


  • 5.  RE: How Did You Get EAP-TLS Working?

    EMPLOYEE
    Posted Apr 03, 2019 07:46 PM
    Are you asking about managed or unmanaged devices?


  • 6.  RE: How Did You Get EAP-TLS Working?

    Posted Apr 03, 2019 08:26 PM
    Company-provided devices reachable via MDM.