I try to connect an iPad (iOS 11.3.1) to a WiFi network which uses EAP-TLS. There is no way to specify EAP-TLS mode because of the lack of the certificate, so I need to import the certificate first.
I copied the client certificate to the device, and now, I want to install it. According to a few websites I checked, it seems to be easy:
Open the certificate file on the device. IOS will recognise the file as a certificate file, and begin the import process. Tap install.
All Apple iPads and iPhones support PKCS1-formatted X.509 certificates, stored in files ending with .crt, .cer, .pem or .der.
However, I'm clueless as what exactly I should do once I downloaded the certificate file on the tablet. It allows me to do a bunch of actions such as store it in Google Drive, but there is nothing which could look like an import tool, and it doesn't look like the device recognized the PEM file.
What should I do to make the device recognize PEM certificates?
Best Answer
CONFIGURING EAP-TLS AUTHENTICATION on IOS DEVICES:
Instructions were developed using IOS 11 and IOS/iPADOS 13.3 to configure both iPhones & iPads for EAP-TLS authentication using certificates.
If you wish to learn how the certificates were generated- or how to configure the EAP-TLS Authentication on the router's side (using a MikroTik)- please go HERE.
PROCESS OVERVIEW:
A) Configure Certificates:
For each device we will in turn: - Download and configure the CA certificate - Download and configure the Client Certificate
B) Configure Authentication:
Once the certs are in place and configured on the device, we next configure the wireless network connection that uses them.
C) Configure Connection:
Configure the WiFi connection to use EAP-TLS
PROCESS:
Configure CA CERTIFICATE:
There are (2) certs we'll be working with: The CA cert & Client cert
Configure CA PROFILE:
Configure CLIENT CERTIFICATE:
Configure CLIENT PROFILE:
WARNING:
Only proceed to next step "Configure AUTHENTICATION" after installing BOTH certs and each one's status report "Verified". You will be wasting your time trying to connect if this step is not completed properly. And pulling out large amounts of hair in frustration...
Configure AUTHENTICATION:
This example uses a hidden network. Go to "WiFi" > "Other Network" to begin setting the connection parameters for the EAP-TLS SSID. Your connection parameters should look as below:
Client AUTHENTICATION:
When you finally connect, you'll be presented with a warning to "Trust" a certificate. This will be the cert used by the Wireless Interface:
That's it, you're done.