Meraki

Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Certificate on Apple Macs

jpjeffery
Getting noticed
‎Aug 30 2023 9:18 AM
‎Aug 30 2023 9:18 AM

Certificate on Apple Macs

Hi

 

We're using Certificate based authentication for our Windows machines to connect automatically to our internal Meraki SSID (with RADIUS/802.1x).

 

The certificate is issued to the client PCs using a GPO and from our Certificate Authority/AD Domain Controllers.

 

However, we have a few Apple Macs (about four). Clearly using GPO won't help here, but still we need to get the same certificate deployed to these Apple devices.

 

It would be nice to use our device management solution (ManageEngine's Endpoint Central) to push out the cert, but with only four of them to do, really just a manual process would be plenty good enough.

 

So, is this something you've had to do at your organisation (and succeeded)? How do we export the certificate from the CAs in a form that will work on the Apple Macs? 

Labels:
0 Kudos
5 Replies 5
alemabrahao
Kind of a big deal
Kind of a big deal
‎Aug 30 2023 9:29 AM
‎Aug 30 2023 9:29 AM

You can enable the  HTTPS Certificate Authority for Web Enrollment.

 

alemabrahao_0-1693412941894.png

 

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
alemabrahao
Kind of a big deal
Kind of a big deal
‎Aug 30 2023 9:40 AM
‎Aug 30 2023 9:40 AM

Or you can use MDM.

 

https://documentation.meraki.com/General_Administration/Organizations_and_Networks/Organization_Menu...

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.
In response to alemabrahao
jpjeffery
Getting noticed
‎Aug 31 2023 1:35 AM
‎Aug 31 2023 1:35 AM

We have that option, but it doesn't look straightforward to me.

 

This...

CA Web certsrv.jpg

...leads to this...

Cert Requests options offered.jpg

...leads to this on a Windows client (where only one certificate - "NDES User" - is offered)...

ACR - Windows.jpg

...but to this on an Apple Mac (five certificates offered):

ACR - Apple.jpg

 

Here's the 'Switches' certificate on the Certificate Authority server (which is offered to the Apple Mac), along with  the one we want ('WiFi') on the Apple Mac (but that isn't being offered to either the Mac or to the Windows client)

CA Certs.jpg

0 Kudos
UKDanJones
Building a reputation
‎Aug 31 2023 12:57 AM
‎Aug 31 2023 12:57 AM

MDM is the best way with Apple devices

Please feel free to hit that kudos button
jpjeffery
Getting noticed
‎Aug 31 2023 1:37 AM
‎Aug 31 2023 1:37 AM

@alemabrahao @UKDanJones 

Agreed with both of you that it would be nice to use MDM, for which we have ManageEngine's EndPoint Central ("EPC"), but that starts with the problem of how to get the certificate exported so that EPC can work with it.

0 Kudos
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.