Allow control of the TLSTrustedServerNames field when configuring WiFi certificates
When deploying or upgrading machines to Big Sur, I'm finding a change in behavior vs Catalina, in that when connecting to an 802.1x network, BS devices are asking the user to approve a certificate, where Catalina devices do not. In https://macadmins.slack.com/archives/C016JHNMP1N/p1611939579192200 it is suggested that the 802.1x profile can support the TLSTrustedServerNames field. However, SimpleMDM does not offer this field in the Profiles:Wireless category. I think that having this would address the unwanted dialog. As documented at https://developer.apple.com/documentation/devicemanagement/wifi/eapclientconfiguration , it seems this could be a field you could expose in the certificate management interface?
syuroff
shared this idea
-
rhooper
commented
This would be useful for iOS devices as well. https://support.apple.com/guide/deployment-reference-ios/connecting-devices-to-8021x-networks-apd7b6d34790/web says, "Trusted server certificate names: Use this array to configure the supplicant to connect only to RADIUS servers presenting certificates that match these names."
We have more than one RADIUS server and users sometimes get prompted to accept new certificates. I'd like to be able to specify a trusted root (or intermediate) and a list of allowed server names.