04-30-2019 08:20 AM
HI @gwesson
I have an issue in client based authentication for IOS devices. I have imported the client certificate in windows and android it works same cert installed in iphone it shows an error client certificate not found.
Recently, I have see behaviour of client certificate installation has changed in IOS 12. Client certificate should be deployed as VPN profile using MDM. If I deplot using MDM I'm not getting the supported format by IPhone.
By direct I can able to install certifcate as PKCS12 format but it shows an error client certificate not found. but through MDM I can able to install only it as CER format which I'm not sure the certificate is getting changed during the deployment and because of that it is not working.
*I want my IOS devices to connect to global protect using client based certificate authentication.
Please help me with your experience.
Regards
Venky
04-30-2019 09:54 AM
Sorry @Venkatesan_radhakrishnan , I don't know all that much about iOS to be honest. The only experience I had was when I was testing the iOS integration for GP 5.0, and it was limited to what I previously provided in the thread you're likely referencing.
That really does sound like a better question to ask Apple, since you're doing MDM+iOS actions. I would recommend getting their support involved to see if they can iron out the issue you're seeing.
05-01-2019 12:39 AM
Hi @Venkatesan_radhakrishnan .
we do have over 1500 IPads using cert auth and managed via InTune...
the certificates were exported via PKS format.
I am no longer part of this project but i do remember we had similar issues, the only workaround for us was to create the config file with apple configurator (including the user certs) on a MAC and then use InTune to push this out to the device.
is that how you are doing it, if not then may be worth a shot.
05-01-2019 07:31 AM
HI @Mick_Ball
Thanks for sharing your experience, I have asked to install the certificate through Microsoft intune MDM through custom profile by checking with Vendor for procedure.
Also advised to go for apple configurator to push certificate through config file. I have one more query assume like I have enterprise CA, Can I genertate rootCA and subordinate client certificate and import that certificate to Palo alto in PKCS12 format and import to IOS devices in CER format. Whether this will solve my issue.
Because Now, I have certificate CA self signed from palo alto and client certificate are signed by root CA in palo alto. I'm exporting this in PKCS12 format and coverting it to CER format and then pushing to device through MS intune MDM and facing client certificate not found issue.
To avoid this conversion of certificate if i export from my enterprise CA it will deliever PKCS12 format for PA and CER format for IOS devices so can avoid conversion but whether this will work? or private key for client certificate is must required ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
