EAP-TLS with Server 2008 SCEP for Apple Devices

Hi Bryce,

Sorry for the late reply. I know that there are solutions out there that will provision your iPhones / iPads with certificates and profiles, but I’ve never worked with them before.

There are probably a lot of products like that out there. With the number of iPads you have, you’ll need something that does the auto-enrollment or it’s way too time-consuming. Like you said, using a pre-shared key is not a good idea… there’s no way to tell who has the key or not or when it has been leaked.

The problem with the iPads / iPhones is that they always seem to send their certificate as a “user” certificate even when you enrolled a “machine” certificate through SCEP. That’s why the domain account is unavoidable when you do it this way (as far as I know). For smaller setups I skipped using SCEP and just used enrollment on a Windows machine to get a user certificate and install that on the iPads / iPhones.

Let me know if you find anything that does the auto-provisioning, I’m curious to take a look at it :)

Rene