Hi Phil
Generally speaking there are 2 ways you can achieve this:
1. Extract a generic certificate from your NDES and use this to identify all devices.
2. Extract a certificate
template which allows for creation of user-based or device-based (specific) certificates.
The first option is simpler and doesn't require Cloud Extender. The second does require Cloud Extender. I believe the 2nd option is what you need based on your description.
Here is the documentation, please have a look:
https://www.ibm.com/docs/en/maas360?topic=modules-certificate-integration-moduleThe following training on the Security Learning Academy is quite comprehensive (log in with your IBMid):
https://www.securitylearningacademy.com/enrol/index.php?id=5645For IBMid verification and password reset:
https://myibm.ibm.comBest
------------------------------
Eamonn O'Mahony
Technical Client Success Manager
IBM Security
Dublin, Ireland
------------------------------
Original Message:
Sent: Sun December 18, 2022 11:13 PM
From: Phil Bradley
Subject: Computer authentication with 801.1x TLS/EAP
Just an update on this. I need to pass custom attributes to the certificate request to get the macbook ad computername in the subject. I'm not sure that wifi identity certificates will pass custom device attributes to cloud extender so that they will be sent to ndes?
------------------------------
Phil Bradley
Original Message:
Sent: Thu December 15, 2022 07:42 PM
From: Phil Bradley
Subject: Computer authentication with 801.1x TLS/EAP
Hello All! I am trying to get my macbook connected to our internal wireless that uses 802.1x TLS/EAP. I currently use machine authentication using certificates and I am trying to get the mac to acquire a computer identity cert using the CE connector with microsoft NDES. I have downloaded the root CA and NPS server certs and applied them to the profile. Has anyone successfully accomplished this and do you have a guide? I am going to use apple configurator and use a trial of two canoes certificate request to make sure it works without using maas360 first.
------------------------------
Phil Bradley
------------------------------