Skip to content

Commit

Permalink
Add link to RADIUS root
Browse files Browse the repository at this point in the history
  • Loading branch information
tashian committed Jan 10, 2024
1 parent c4ce2ac commit f030b4b
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 9 deletions.
16 changes: 8 additions & 8 deletions tutorials/apple-mdm-jamf-setup-guide.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -30,14 +30,6 @@ You will need:
- A test device or VM to enroll in MDM.
- A Jamf user for testing enrollment.

<Alert severity="info">
<div>
If you’re planning to deploy Wi-Fi and EAP-TLS using a JumpCloud RADIUS server, you will need to use an RSA CA.
This requires creating an Advanced Authority.
When creating the Authority, use key type `RSA_SIGN_PKCS1_2048_SHA256` for both root & intermediate CAs.
</div>
</Alert>

## Step-by-step instructions

In this section, we will set up an MDM profile that instructs devices to establish CA trust with your Smallstep CA, and to get a client certificate via Smallstep’s SCEP server.
Expand Down Expand Up @@ -112,6 +104,14 @@ If you run your own RADIUS server, you'll need to modify the Configuration Profi
Change the Certificate Trust settings for your `Wi-Fi` Payload so that they use your RADIUS server's Root CA Certificate instead of Smallstep's.
You may need to add an additional `Certificate` payload for your RADIUS server.

<Alert severity="info">
<div>
If you’re planning to deploy Wi-Fi and EAP-TLS using a JumpCloud RADIUS server, you will need to use an RSA CA.
This requires creating an Advanced Authority.
When creating the Authority, use key type `RSA_SIGN_PKCS1_2048_SHA256` for both root & intermediate CAs.
</div>
</Alert>

### Troubleshooting

- Check the expected certificates have been deployed to the right stores on macOS: user vs. device; trusted roots; personal certificates.
Expand Down
2 changes: 1 addition & 1 deletion tutorials/intune-mdm-setup-guide.mdx
Original file line number Diff line number Diff line change
Expand Up @@ -200,7 +200,7 @@ For this section, you will need a RADIUS server that your users will authenticat
Typically, thwill match the FQDN of your RADIUS server.
8. Under the Trust tab, add a Trusted Certificate for your RADIUS server.

If your RADIUS server certificate is managed by Smallstep, add your Smallstep Root CA and Smallstep Intermediate CA here.
If your RADIUS server certificate is managed by Smallstep, add the <a href="https://dl.smallstep.com/radius.smallstep.com-root.crt">Smallstep RADIUS Root CA PEM</a> here.

If your RADIUS server certificate is from a different PKI, you’ll need to add a new Certificate payload containing your RADIUS server’s Root CA certificate.
9. Under **Client Authentication**, for **Authentication method** choose SCEP Certificate.
Expand Down

0 comments on commit f030b4b

Please sign in to comment.