We have seen the same behavior with some iPads running 14.6. It's detected
as Catalina and the JoinNow link is not present to start the onboarding
process. We're running Network Profile5.36.6.GA1.
I've contacted Support at SW2 and they have responded that they're looking
into it.
John
On Tue,
I’m seeing the latest iPad Pro gen 5 not getting detected correctly with
securew2 in any browser I tried. I’ve updated to latest 14.7.1 but saw this on
14.6 as well. The device is getting detected as OS X Catalina or above and
even if I try manually selecting iPad from drop down on the
I used AD CS in the past for a private CA, so assuming you have Windows servers
at your disposal, you could do this quickly (depending how nimble your
organization is) and get the new root ready now as Tim recommended.
An upside to AD CS is every domain-joined Windows machine will automatically
Hi Jonathan,
We are completing a similar transition from a public CA to an internal PKI.
We used easy-rsa - these are a set of scripts from the OpenVPN folks that
take care of all of the openssl commands for you. It was quite simple to
configure and generate the needed certs. It might be a little
Hi Jonathan,
UAH is using an offline CA we call the "Russ CA," named affectionately
after our previous CISO. Here is how Russ created the Russ CA and signed
our eduroam cert using this CA:
$ openssl genrsa -des3 -out rootCA.key 4096
$ openssl req -x509 -new -nodes -key rootCA.key -sha256 -days
Jonathan,
As I mentioned in my first reply, just use the certificate that is still valid
on all nodes in your CPPM cluster for EAP. This will allow existing clients to
still authenticate.
When that cert expires, you'll need to look at re-onboarding clients and at
that point and I'd recommend
To be honest, this conversation has resurfaced some of my concerns as well. I’m
also working to make sure we’re as best prepared for fall move-in.
We’ll stand up a private PKI for our server-side certificate. But we’ve already
got thousands of clients configured to trust our existing InCommon
Thank you all for the informative replies. As is probably obvious, when we
initially rolled this out, we were completely unaware of the best
practices, and are currently working to correct that and get our
infrastructure where it should be.
We do not have an in-house PKI expert, but we are not
Great work. This is a great example that we have some say as a community.
Hoping for a good outcome.
Rodolfo
--
Rodolfo Nunez
pronouns: he/him/his
Director, IT Infrastructure
Barnard College, Columbia University
212-854-1319
rnu...@barnard.edu
www.barnard.edu/bcit
On Mon, Aug 9, 2021 at 8:01