How to stop Apple products from downloading a certificate automatically?

By vyasnilay

I am having some difficulties with my wireless design. I have implemented a PEAP solution with Microsoft RADIUS AD authentication and a self-signed certificate. The solution was working fine until one of the users brought in their iPhone to work. He entered his domain username and password, and the iPhone popped up a message that the connection requires a certificate; it downloaded the certificate after the message, and the iPhone was on the network. Except for the iPhone, all other phones or devices are required to get the certificate either via GP update or by manually downloading it and syncing it to the phone. As these certificates are not published and are only available via GP, users cannot get their phones on the wireless network, until the iPhone found the limitations. Can anyone please suggest how I can stop an iPhone or iPad from downloading this certificate automatically? My main goal is that only the CEO's iPad should be on the network, with no other phones or mobile devices on the network. Please help me out.

Perhaps if you enable MAC-address authentication and require both

by robo_dev In reply to How to stop Apple product ...

Obviously MAC authentication is not secure, but it may stop unwanted devices from attempting the PEAP connection.

It might be helpful to set your main WLAN to not broadcast and set up a separate broadcasting one to capture the iPhones before they get to the main WLAN.

What APs are you using? If these are Cisco devices you can set up multiple SSIDs and VLANs. You can also configure the AP to require MAC + EAP authentication.

Hard to do that I guess

by vyasnilay In reply to Perhaps if you enable mac ...

Thanks for your response. I am using Cisco 1251 LWAP with a Cisco 4200 controller. This solution is for a nationwide organisation, so I guess it will be hard to maintain a large number of MAC addresses for MAC-address filtering. However, I am not sure how we can match a broadcast SSID with a non-broadcast SSID.
