AirWatch: Using a EAP-TLS certificate with WPA2 Enterprise (802.11x)
So now you want to get Wi-Fi.
- Use a cloud connector and configure Enterprise Integration to request a certificate from your Active Directory CA (ADDS) -- Not covered here
- Create a single profile.
In this profile, you'll add two payloads:
- Credentials (order is important):
- First tab: Upload your CA, and select "Allow access to all applications" and "Allow export from Keychain"
- Second tab: use your machine certificate (uncheck everything)
- Network:
- check Auto-Join
- WPA/WPA2 Enteprise. For some reason, if I choose only "WPA2 Enterprise", it fails. But it will then connect as WPA2.
- Uncheck "User logs in to authenticate with the network"
- Protocols: EAP-TLS
- Username: {EnrollmentUser}
- Identity Certificate: Certificate #2 (This is why order is important).
- Trusted certificates: Check both
- Allow trust exceptions: Check