From f030b4b3e86611335c3b2882b3392f3a1ae52b01 Mon Sep 17 00:00:00 2001 From: Carl Tashian Date: Wed, 10 Jan 2024 09:47:55 -0800 Subject: [PATCH] Add link to RADIUS root --- tutorials/apple-mdm-jamf-setup-guide.mdx | 16 ++++++++-------- tutorials/intune-mdm-setup-guide.mdx | 2 +- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/tutorials/apple-mdm-jamf-setup-guide.mdx b/tutorials/apple-mdm-jamf-setup-guide.mdx index d5afe8ef..f80efc14 100644 --- a/tutorials/apple-mdm-jamf-setup-guide.mdx +++ b/tutorials/apple-mdm-jamf-setup-guide.mdx @@ -30,14 +30,6 @@ You will need: - A test device or VM to enroll in MDM. - A Jamf user for testing enrollment. - -
- If you’re planning to deploy Wi-Fi and EAP-TLS using a JumpCloud RADIUS server, you will need to use an RSA CA. - This requires creating an Advanced Authority. - When creating the Authority, use key type `RSA_SIGN_PKCS1_2048_SHA256` for both root & intermediate CAs. -
-
- ## Step-by-step instructions In this section, we will set up an MDM profile that instructs devices to establish CA trust with your Smallstep CA, and to get a client certificate via Smallstep’s SCEP server. @@ -112,6 +104,14 @@ If you run your own RADIUS server, you'll need to modify the Configuration Profi Change the Certificate Trust settings for your `Wi-Fi` Payload so that they use your RADIUS server's Root CA Certificate instead of Smallstep's. You may need to add an additional `Certificate` payload for your RADIUS server. + +
+ If you’re planning to deploy Wi-Fi and EAP-TLS using a JumpCloud RADIUS server, you will need to use an RSA CA. + This requires creating an Advanced Authority. + When creating the Authority, use key type `RSA_SIGN_PKCS1_2048_SHA256` for both root & intermediate CAs. +
+
+ ### Troubleshooting - Check the expected certificates have been deployed to the right stores on macOS: user vs. device; trusted roots; personal certificates. diff --git a/tutorials/intune-mdm-setup-guide.mdx b/tutorials/intune-mdm-setup-guide.mdx index 98b4f5a5..419cc69d 100644 --- a/tutorials/intune-mdm-setup-guide.mdx +++ b/tutorials/intune-mdm-setup-guide.mdx @@ -200,7 +200,7 @@ For this section, you will need a RADIUS server that your users will authenticat Typically, thwill match the FQDN of your RADIUS server. 8. Under the Trust tab, add a Trusted Certificate for your RADIUS server. - If your RADIUS server certificate is managed by Smallstep, add your Smallstep Root CA and Smallstep Intermediate CA here. + If your RADIUS server certificate is managed by Smallstep, add the Smallstep RADIUS Root CA PEM here. If your RADIUS server certificate is from a different PKI, you’ll need to add a new Certificate payload containing your RADIUS server’s Root CA certificate. 9. Under **Client Authentication**, for **Authentication method** choose SCEP Certificate.