Recently a new customer contacted us regarding the integration of OS X devices into his already deployed WiFi infrastructure.
They have several access points that create a company wide WPA2 Enterprise 802.1X network. WiFi access is controlled by a Windows RADIUS server and requires a per user certificate that can be obtained from the Windows Certification Service.
Until now they manually requested the certificate on a Windows machine using MMC‘s Certificate Snap-In and transfered it to the Mac’s user Keychain.
Solution
This steps can be automated with the help of the Windows Web Certificate Service and OS X Lion’s Configuration Profiles.
Here’s what you need:
- Windows Web Certificate Service (http://certserv.mydomain.private/certsrv)
Details can be found in the MSDN. - OS X Lion or higher
- Hand-written configuration profiles as described in Apple’s KB entry.
You can download my demo profiles here.
If you also have to support older Mac OS X versions you can use the Web Certificate Service to semi-automate the process. Additionally other operating systems (like GNU/Linux) are also able to obtain certificates!