We are in the process of deploying EAP-TLS authentication for Wi-Fi on our iOS devices to secure them via Microsoft Certificates.
The following components are involved:
Windows Server 2008R2 with NPS
Windows Root Certificate Authority
Windows Subordinate Certificate Authority
AirWatch Mobile Device Management
Windows Active Directory
iOS 8 iPhones & iPads
I am able to connect domain-joined Windows laptops to the wireless almost instantly using a certificate issued by the Sub CA.
However, we are not able to use EAP-TLS on the iOS devices as expected.
I have been using AirWatch MDM to install profiles on the iOS devices.
When I install the user certificate along with the trusted root and sub CA certificate, then connect to the network manually, it connects perfectly well, albeit saying the RADIUS server's certificate, which was issued by the same Certificate Server, is "not trusted".
However, when installing the MDM Profile with the certificates and the wireless settings, I am unable to connect. The profile looks to have all of the correct settings and allows for "Certificate Trust Exceptions". Looking at the logs on the NPS server, it shows "Reason Code 23".
I am unable to work out why the device connects with the certificate manually, but not using the Profile.
Some forum posts suggest that iOS 8 upgraded EAP-TLS security, but I don't know how to get around the problem I am having.
Even when the trusted roots are installed on the iPad it still says "not trusted". I thought I might be able to get around this by installing the actual RADIUS certificate on the iOS device. However, it still says not trusted.
I hope someone can help!