Mosyle MDM SCEP/EAP-TLS
Configure EAP-TLS on Foxpass
Please follow the EAP-TLS initial setup guide to create server CA and SCEP endpoint if not configured already.
Create Multi-cert Profile
For Mosyle, use the Multi-cert Profile capabilities. To enable it, go to Management > Activate New Profile Type > Multi-Cert Profile > Activate. Once activated, you may select "Add new profile".
Activate Multi Cert Profile
Add new Profile
SCEP Profile
Create the SCEP profile first. Please refer below for the configuration:
- Choose the URL, and set it to be the URL on the Foxpass SCEP page.
- The subject should be CN=%Email%.
- Subject Alternative Name is optional.
- The challenge comes from the Foxpass SCEP page.
- Keysize is 4096. Check both 'Use for signing' and 'Use for Encryption'.
- The rest of the defaults are good.
- Click Save.
- Assign this SCEP profile to your devices/users, then click Save.
Configure SCEP
WiFi Profile
Now, create the WiFi profile. Please see below for the configuration:
- Profile Name - Foxpass WiFi
- SSID - This is the name of your organization's Wi-Fi network.
- Security Type - WPA/WPA2 Enterprise
- Choose TLS
In the "Trust" section, for Trusted Certificate, upload the Foxpass server CA. For an Identity certificate -> use SCEP Profile. On the WiFi profile, use the SCEP certificate as the identity certificate. In the "Trust" section, upload your server certificate.
Wi-Fi Profile
Here is Mosyle's support documentation on multi-cert profiles: https://myschool.mosyle.com/#helpcenter/1611
Updated 3 months ago