Hi Phil
Just to clarify here to make sure we're on the right track.
You can either:
a. Get a generic cert from your PKI and use this to authenticate to WiFi but which is not device- or user-specific.
This does not require Cloud Extender. While I know you can use a generic cert, I'm not sure whether a cert coming from NDES can do this; you might need to test. You just upload the certificate to the policy as a policy file (Add Policy Files action top-right within policy) and then choose that from the drop-down on the WiFi page.
b. Integrate with your NDES using Cloud Extender.
Cloud Extender has to retrieve a certificate template and on the basis of this template, creates new certificates on-demand for users or devices depending on your use case. Documentation:
https://www.ibm.com/support/knowledgecenter/SS8H2S/com.ibm.mc.doc/ce_source/concepts/ce_ca_settings.htm
Because option (b) relies on this setup having been performed, I'd need you to confirm that you have done this.
Best
------------------------------
Eamonn O'Mahony
Technical Client Success Manager
IBM Security
Dublin, Ireland
------------------------------
Original Message:
Sent: Tue March 30, 2021 10:07 AM
From: Phil Bradley
Subject: 802.1x computer cert using cloud extender and ndes
Hi Eamonn,
I am actually trying to get a device certificate for WiFi. I am trying to pass the active directory hostname in the Subject Alternate Name on the certificate request. For some reason when I choose my identity certificate in my WiFi profile it doesn't send this to the device (WiFi is missing in system-profiles).
Thanks,
Phil
------------------------------
Phil Bradley
Original Message:
Sent: Tue March 30, 2021 04:23 AM
From: Eamonn O'Mahony
Subject: 802.1x computer cert using cloud extender and ndes
Hi Phil
At present the Certificate Integration (PKI) module on Cloud Extender facilitates additional security for WiFi and VPN network connections.
If you want to have additional security for your SAN you could request this as an enhancement (new functionality) on the new page:
https://www.ibm.com/developerworks/rfe/execute?use_case=changeRequestLanding&PROD_ID=20076
Best
------------------------------
Eamonn O'Mahony
Technical Client Success Manager
IBM Security
Dublin, Ireland
Original Message:
Sent: Mon March 29, 2021 11:09 AM
From: Phil Bradley
Subject: 802.1x computer cert using cloud extender and ndes
I am trying to generate a computer identity certificate on Mac OS for access to corporate wireless. Is it possible to pass custom variables for the SAN on the cloud extender? I need to generate hostname$@mydomain.com in the SAN. I have already set up cloud extender to request identity certs through NDES.
------------------------------
Phil Bradley
------------------------------