While the advantages of certificate-based authentication over credential-based are well documented, many still experience the barrier to entry of provisioning devices with certificates. This is certainly a valid concern for organizations that institute manual configuration policies and neglect to use a PKI delivery software. The manual process requires high level IT knowledge to understand and creates numerous opportunities for the average network user to misconfigure.
In response, SecureW2 has developed top of the line PKI certificate delivery software to configure any device easily and efficiently with a digital certificate. The beauty of the SecureW2’s JoinNow solution is that it is vendor-neutral and customized to provision any device.
Below we have detailed the onboarding process for end users on different OSs.
Delivering Certificates to Androids
After connecting to the onboarding SSID, the user is redirected to the SecureW2 JoinNow browser page to begin the onboarding process. They will need to click Download to redirected to the Play Store to download the SecureW2 Android App. The app needs to be downloaded, installed, and opened.
The application will then prompt the user to enter their network credentials and will open a Captive Network Assistant (CNA).
The user’s credentials will then be authenticated. If they are a valid set of credentials, the device will be delivered a certificate from the PKI and configured for the secure WPA2-Enterprise network with EAP-TLS authentication.
Delivering Certificates to iOS
To begin the iOS configuration process, connect to the onboarding SSID and open a web browser. The user will be redirected to the JoinNow onboarding page.
After clicking Sign In, the user will be redirected and prompted to enter their network credentials. After entering a valid set of credentials, the user will be approved and redirected back to the JoinNow client.
Next, click JoinNow to begin the configuration process. The Settings application will open to configure certificate trust and allow the JoinNow app to make changes to the device. To begin, click Install on the Install Profile Page.
A warning screen may appear which will confirm the installation of a trusted certificate. Click Install.
The certificate configuration profile can then be installed to prepare the device for certificate authentication. Click Done to complete the configuration process and be issued a certificate from the PKI.
Once completed, you may still need to connect to the Secure SSID manually for the first time. The following instructions page will appear.
Delivering Certificates to Windows OS
The first step is familiar; begin by connecting to the onboarding SSID. The user will be redirected to a web browser where the JoinNow browser page will open. After clicking JoinNow, the JoinNow application is downloaded for the user to open in their Downloads.
The JoinNow client will open and prompt the user to click Next to begin the configuration process. The login page then requests the user’s network credentials to verify their identity as an approved network user.
After their credentials are confirmed, the client will begin the configuration process and the PKI delivery software will provision the device for a certificate. The device will be ready to connect to the secure SSID and be authenticated with EAP-TLS to the WPA2-Enterprise Network.
Delivering Certificates to MacOS
Start by connecting to the onboarding SSID and opening a web browser. Enter any URL and the user will be redirected to the JoinNow onboarding Page. Initiate the configuration process by clicking JoinNow.
The JoinNow configuration client will be downloaded and should be opened in the user’s Downloads.
After opening the client, the user will be prompted to allow it to update their device. Click Open to allow this and begin the configuration process. The user will be required to enter a valid set of credentials to allow the device to be changed in configuration.
Next the JoinNow client will prompt the user to enter network credentials to prove that they are an approved network user. Click Next and enter a valid set of credentials.
The JoinNow client will begin the configuration and enrollment process to prepare the user and device for EAP-TLS authentication to the secure network. The Mac device will then prompt the user with the option to view the server certificate to authenticate to the Secure SSID. They may choose to view the certificate if necessary.
Once the user is secure in the identity of the server, click Continue to be authenticated. They will need to enter their credentials once more to confirm changes to the Certificate Trust Settings.
Click Always Allow on the two windows that appear to allow the JoinNow client to access the keychain, and click Allow on the last window to allow the client to access permissions of the keychain. Once this has been completed, the client will finish the configuration process and prompt the user to click Done.
The end result is a user that is delivered a certificate from the PKI that is ready to authenticate to the secure SSID.
Delivering Certificates to Managed Devices
For end users, the managed device configuration process could not be easier because they are not involved in the process whatsoever. SecureW2 utilizes SCEP and WSTEP API gateways to push certificate profiles to managed devices with no end user interaction. The network admin is able to fully customize certificate permissions, use policies, expiration, etc., and once configured, the devices will automatically be delivered a certificate from the PKI. There is no concern of misconfiguration or support tickets because the user is completely out of the equation.
SecureW2 Provides PKI Delivery Software for Every Device
While each OS requires a slight variation, the overall configuration process with SecureW2’s PKI delivery software is similar for all: connect to the onboarding SSID, enter a valid set of credentials, and click a few confirmation buttons. The process is designed to be easily completed by users of every technology literacy level so everyone can self-configure for certificate authentication. Navigate to SecureW2’s pricing page to see if our cost-effective onboarding solutions fit your organization.
*** This is a Security Bloggers Network syndicated blog from SecureW2 authored by Jake Ludin. Read the original post at: https://www.securew2.com/blog/pki-delivery-software-for-every-device/