Certificate on Apple Macs

jpjeffery
Getting noticed

Certificate on Apple Macs

Hi

 

We're using Certificate based authentication for our Windows machines to connect automatically to our internal Meraki SSID (with RADIUS/802.1x).

 

The certificate is issued to the client PCs using a GPO and from our Certificate Authority/AD Domain Controllers.

 

However, we have a few Apple Macs (about four). Clearly using GPO won't help here, but still we need to get the same certificate deployed to these Apple devices.

 

It would be nice to use our device management solution (ManageEngine's Endpoint Central) to push out the cert, but with only four of them to do, really just a manual process would be plenty good enough.

 

So, is this something you've had to do at your organisation (and succeeded)? How do we export the certificate from the CAs in a form that will work on the Apple Macs? 

5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal

You can enable the  HTTPS Certificate Authority for Web Enrollment.

 

alemabrahao_0-1693412941894.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
alemabrahao
Kind of a big deal
Kind of a big deal

Or you can use MDM.

 

https://documentation.meraki.com/General_Administration/Organizations_and_Networks/Organization_Menu...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
jpjeffery
Getting noticed

We have that option, but it doesn't look straightforward to me.

 

This...

CA Web certsrv.jpg

...leads to this...

Cert Requests options offered.jpg

...leads to this on a Windows client (where only one certificate - "NDES User" - is offered)...

ACR - Windows.jpg

...but to this on an Apple Mac (five certificates offered):

ACR - Apple.jpg

 

Here's the 'Switches' certificate on the Certificate Authority server (which is offered to the Apple Mac), along with  the one we want ('WiFi') on the Apple Mac (but that isn't being offered to either the Mac or to the Windows client)

CA Certs.jpg

UKDanJones
Building a reputation

MDM is the best way with Apple devices

Please feel free to hit that kudos button
jpjeffery
Getting noticed

@alemabrahao @UKDanJones 

Agreed with both of you that it would be nice to use MDM, for which we have ManageEngine's EndPoint Central ("EPC"), but that starts with the problem of how to get the certificate exported so that EPC can work with it.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels