Mosyle MDM SCEP/EAP-TLS

For Mosyle, use the Multi-cert Profile capabilities. To enable it, go to Management > Activate New Profile Type > Multi-Cert Profile > Activate. Once activated, you may select "Add new profile".

SCEP Profile

Create the SCEP profile first. Please refer below for the configuration:

  • Choose the URL, and set it to be the URL on the Foxpass SCEP page.
  • The subject should be CN=%Email%.
  • Subject Alternative Name is optional.
  • The challenge comes from the Foxpass SCEP page.
  • Keysize is 2048. Check both 'Use for signing' and 'Use for Encryption'.
  • The rest of the defaults are good.
  • Click Save.
  • Assign this SCEP profile to your devices/users, then click Save.
SCEP Configuration Profile

SCEP Configuration Profile

WiFi Profile

Now, create the WiFi profile. Please see below for the configuration:

  • Profile Name - Foxpass WiFi
  • SSID - This is the name of your organization's Wi-Fi network.
  • Security Type - WPA2 Enterprise
  • Choose TLS

In the "Trust" section, for Trusted Certificate, upload the Foxpass server CA. For an Identity certificate -> use SCEP Profile. On the WiFi profile, use the SCEP certificate as the identity certificate. In the "Trust" section, upload your server certificate.

Here is Mosyle's support documentation on multi-cert profiles: https://myschool.mosyle.com/#helpcenter/1611