Mosyle MDM SCEP/EAP-TLS

Create Multi-cert Profile

For Mosyle, use the Multi-cert Profile capabilities. To enable it, go to Management > Activate New Profile Type > Multi-Cert Profile > Activate. Once activated, you may select "Add new profile".

SCEP Profile

Create the SCEP profile first. Please refer below for the configuration:

• Choose the URL, and set it to be the URL on the Foxpass SCEP page.
• The subject should be CN=%Email%.
• Subject Alternative Name is optional.
• The challenge comes from the Foxpass SCEP page.
• Keysize is 2048. Check both 'Use for signing' and 'Use for Encryption'.
• The rest of the defaults are good.
• Click Save.
• Assign this SCEP profile to your devices/users, then click Save.

WiFi Profile

Now, create the WiFi profile. Please see below for the configuration:

• Profile Name - Foxpass WiFi
• SSID - This is the name of your organization's Wi-Fi network.
• Security Type - WPA/WPA2 Enterprise
• Choose TLS

In the "Trust" section, for Trusted Certificate, upload the Foxpass server CA. For an Identity certificate -> use SCEP Profile. On the WiFi profile, use the SCEP certificate as the identity certificate. In the "Trust" section, upload your server certificate.

Here is Mosyle's support documentation on multi-cert profiles: https://myschool.mosyle.com/#helpcenter/1611