WPA/WPA2 Enterprise with Certificate Authentication

Hi all,


I am configuring the authentication settings on a WiFi profile to push it to mobile devices and I want to use certificate-based authentication. I need the identity certificate distributed to the mobile device to include the username as the CN. Is integrating Active Directory into Systems Manager a requirement for this to work? Right now I am using local users defined on the "Owners" page and the certificates pushed to the mobile devices do not have the username as the CN in the identity certificate. I am assuming that the username defined in the "Owners" page will be used as the CN but I am not sure if this is correct.


Any comments are really appreciated.

Meraki Employee

So, there are a few things to address here:


1. In order to have a username, you have to have a user. This can be Meraki-hosted, AD, Azure, Google, OpenID Connect, etc. When the user enrolls, if it's not a Meraki-hosted user, the user appears in the Owners List.

(You'll note the difference between username and email address)


2. Secondly, the naming of the cert is completely up to you. When creating a SCEP policy, you can use various bits of dynamic text, such as:

I hope that helps.




Thanks Paul,


I did some testing and created a new SCEP certificate specifying the username as the CN:



and then I specify this new SCEP in the Wifi Configuration:



When I enroll the device now, I have one certificate installed with the CN field populated with the username specified on the Owners list; however, on the Wifi profile installed on the device there is no user certificate configured on the profile.


If I select the default SCEP under Wifi settings and select "Use username as certificate CN":




I do get a user certificate on the Wifi Profile on the mobile device; however, this user certificate does not include the username in the CN field, it contains a random number instead.


Is there a document that explains how SCEP policies are applied to Wifi settings and how to specify that the CN field contains the username for the default SCEP?


Any comments are really appreciated.



