Synology usage series 32 – Setup Wifi WPA2 Enterprise with Freeradius+Openldap/Client Certificate


iPad Wifi Setting (Dec 30 2016)

* the path here is refering to my raspberry pi and might have different than the example path of the original article. But the procedures are exactly the same.

Generate client certificate

cd /etc/freeradius/certs 
./easyrsa build-client-full ipad
Generating a 2048 bit RSA private key
............+++
.................................................+++
writing new private key to '/etc/freeradius/certs/pki/private/ipad.key'
Enter PEM pass phrase: [input new pass phrase assign for ipad.key]
Verifying - Enter PEM pass phrase: [repeat new pass phrase assign for ipad.key]
-----
Using configuration from /etc/freeradius/certs/openssl-1.0.cnf
Enter pass phrase for /etc/freeradius/certs/pki/private/ca.key: [input pass phrase of  ca.key]
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
commonName            :PRINTABLE:'ipad'
Certificate is to be certified until Dec 28 12:48:39 2026 GMT (3650 days)

Write out database with 1 new entries
Data Base Updated

Generate p12

cd /etc/freeradius/certs/pki/private
openssl pkcs12 -export -out ipad.p12 -inkey /etc/freeradius/certs/pki/private/ipad.key -in /etc/freeradius/certs/pki/issued/ipad.crt -certfile /etc/freeradius/certs/pki/ca.crt
Enter pass phrase for /etc/freeradius/certs/pki/private/ipad.key: [input pass phrase of ipad.key]
Enter Export Password: [input export password for ipad.p12, I need to set export password same as passphrase, no idea why]
Verifying - Enter Export Password: [repeat export password for ipad.p12]

Copy ipad.p12, radius-server.p12 and ca.crt to macbook.

Launch Apple Configurator 2. Click New Profile.

General
– Name: Assign a name of the profile
– Identifier: Assign an ID for the profile
– Organization: Input your organization

Certificates

Click the + button to add ipad.p12, radius-server.p12 and ca.crt to this profile.

Input the export password of the corresponding p12 to the Password textbox.

Wi-Fi

Input the SSID.

Click Auto Join.

Security Type: WPA / WPA2 Enterprise

Enterprise Settings: Protocols: TLS, Identity Certificate: Select the ipad.p12 from the list.

Enterprise Settings: Trust: Trusted Certificates: Click the CA cert checkbox. Trusted Server Certicate Names: Add the radius-server.p12.

Save the profile. Then close the profile window.

Deploy the profile to iPad

Now connect iPad to the Macbook with usb.

The ipad will be shown in the “All Devices” tab within Apple Configurator 2.

Highlight the iPad then click the Add button. Click Profiles. Select the profile that you just created.

Back to your iPad, accept the deployment.





Leave a Reply

Your email address will not be published. Required fields are marked *