OS X 10.7.3 ios 5.1 2012 6 5
LAN LAN RSA EAP Extensible Authentication Protocol Kerberos EAP EAPoL EAP over LAN EAP RADIUS Remote Authentication Dial In User Service 3
EAP EAP 2 X.509 ID X.509 ID X. 509 ID EAP OS X ios EAP PEAP TLS TTLS LEAP EAP-FAST EAP-SIM EAP EAP 40 EAP EAP WPA Enterprise WPA2 Enterprise EAP PEAP Protected Extensible Authentication Protocol PEAP ID 4
PEAP TLS Transport Layer Security TLS TLS TLS TTLS Tunneled Transport Layer Security TTLS TLS TTLS PEAP LEAP Lightweight Extensible Authentication Protocol LEAP Cisco Cisco EAP-FAST Flexible Authentication via Secure Tunneling EAP-FAST PAC Protected Access Credential ID EAP-SIM Subscriber Identity Module EAP-SIM SIM subscriber identity modulesim Wi-Fi 2 EAP 5
RADIUS RADIUS RADIUS Remote Authentication Dial In User Service Open Directory Active Directory 1 2 RADIUS 3 RADIUS 4 RADUUS 6
Apple OS X ios WEP WPA PSK WPA WPA2 PSK WPA2 802.1X/WEP WEP WPA WPA2 OS X ios Apple OS X MacBook Air MacBook Pro imac Mac mini Mac Pro OS X OS X WPA/WPA2 LEAP EAP-FAST TTLS MCHAPv2 PEAP v0 v1 Ethernet EAP-TLS ID EAP-TLS EAP OS X Wi-Fi 802.1X/WEP WEP 802.1X/WEP OS X 3 Active Directory 802.1X A OS X Lion OS X A 7
OS X Server OS X Server RADIUS RADIUS Open Directory AirMac RADIUS Open Directory Open Directory Open Directory Open Directory RADIUS AirMac OS X Server ios iphone ipad ipod touch ios WPA2 ios RADIUS iphone ipad ipod touch EAP-TLS EAP-TTLS EAP-FAST EAP-SIM PEAPv0 PEAPv1 LEAP ios ios 8
AirMac AirMac Extreme AirMac Express Time Capsule Apple AirMac OS X ios RADIUS AirMac AirMac EAP AirMac Extreme AirMac 9
Apple EAP-TLS EAP EAP 802.1X Apple Apple 1. EAP 2. MAC IP 10
RADIUS E VPN 3. 802.1X RADIUS 4. OS X ios XML.plist.mobileconfig Apple OS X 1 1 Mail Wi-Fi VPN 1 OS X ios MDM 11
OS X ios OS X ios Apple XML.plist OS X Server MDM Apple iphone Mac App Store Apple Configurator 1 Wi-Fi VPN 1 1 OS X ios Wi-Fi Ethernet EAP SCEP SCEP SCEP Simple Certificate Enrollment Protocol 12
SCEP SCEP A SSID OS X ios OS X OS X PEAP Wi-Fi Ethernet Wi-Fi EAP X.509 ID X.509 13
OS X ios PKCS#12 Yes Yes.p12 PKCS#7 Yes No.pfx X.509 Yes Yes.cer,.pem,.der SCEP SCEP NT OS X ios HTTP SCEP Simple Certificate Enrollment Protocol SCEP CSR OS X ios EAP-TLS CSR CA PKCS#12.p12 SCEP SCEP SCEP SCEP SCEP SCEP ADCertificate OS X OS X Active Directory Microsoft Web Apple ADCertificatePayloadPlugin Microsoft OS X OS X Safari Microsoft Web keygen PKCS#12.p12 14
OS X ios 2 E MDM MDM SSL OS X ios CA Server Finder OS X Apple 15 Apple MDM Apple
OS X profiles man profiles profiles testfile.mobileconfig profiles -I -F /testfile.mobileconfig /profiles/testfile2.mobileconfig profiles -R -F /profiles/testfile2.mobileconfig profiles -L ios 16
http://standards.ieee.org/getieee802/download/802.1x-2010.pdf
EAP Extensible Authentication Protocol http://tools.ietf.org/html/rfc5247
WPA Wi-Fi Protected Access www.wi-fi.org
http://help.apple.com/profilemanager/mac/10.7/#apd88330954-6fa0-4568-A88E-7F6828E763A7
https://developer.apple.com/library/ios/featuredarticles/iphoneconfigurationprofileref/
http://www.apple.com/jp/ipad/business/docs/ios_certificates_jp.pdf
OS X Server Profile Manager Help: http://help.apple.com/profilemanager/mac/10.7/
RADIUS: https://help.apple.com/advancedserveradmin/mac/10.7/#apd48aeb083-F53C-498D-B245-FA7993D92F57 ( )
OS X Lion MDM http://www.apple.com/jp/iphone/business/docs/ios_mdm_jp.pdf
ipcu iphone 3.5 - Mac OS X iphone 3.5 - Windows
AirMac http://www.apple.com/jp/wifi/
Microsoft http://support.apple.com/kb/ht4784?viewlocale=ja_jp
A OS X ios SCEP OS X Server OS X Ethernet Ethernet OS X OS X SSID SSID Service Set Identifier SSID SSID SSID SSID WEP WPA/WPA2 WEP WPA/WPA2 18
EAP 2 EAP OS X SCEP EAP EAP EAP ID 3 TTLS LEAP PEAP EAP-FASTOS X EAP EAP OS X Active Directory Active Directory EAP Active Directory PAC Protected Access Credential EAP-FAST RADIUS PAC PAC PAC TLS ID host/computername.domain.com computername$ OS X 19
OS X RSA ID ID SCEP PKCS#12 1 PKCS#12.p12 TTLS MS-CHAPv2 Microsoft Challenge Handshake Authentication Protocol v2 MSCHAP Microsoft Challenge Handshake Authentication Protocol CHAP Challenge Handshake Authentication Protocol PAP Password Authentication Protocol ID ID ID ID TLS TTLS LEAP PEAP EAP-FAST PAC Protected Access Credential ID ID 20
*.mycompany.radius.com EAP-TLS OS X ios RSA X.509.cer.crt.der PKCS1 PKCS12 1 P12 PKCS#12.p12.pfx 21
ios ios 5 OS X Microsoft ExchangeExchange Safari E SCEP SCEP SCEP SCEP SCEP Simple Certificate Enrollment Protocol CA URL HTTP HTTPS SCEP SCEP CSR HTTPS Microsoft SCEP NT X.500 OS X DN dc=com,dc=example,cn=ipod $ RDN cn=ipad$ DN 22
OID 0.9.2342.19200300.100.1.25=com. 0.9.2342.19200300.100.1.25=example,CN=ipod$ NT DNS NT NT OS X SCEP E RFC-822 DNS URL NT NT RADIUS remote access RADIUS OU DN dc=example,dc=com,ou=remote access, cn=ipad dc=example,dc=com,ou=computers, cn=ipad RADIUS SCEP RADIUS SCEP SCEP 1024 2048 CSR CSR SCEP 23
SCEP SCEP Microsoft NDES Network Device Enrollment Service CA HTTP CA CA SHA1 MD5 SCEP SCEP 24
B PKCS#12 EAP-TLS

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/dtds/propertylist-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>AutoJoin</key>
            <true/>
            <key>EAPClientConfiguration</key>
            <dict>
                <key>AcceptEAPTypes</key>
                <array>
                    <integer>13</integer>
                </array>
            </dict>
            <key>EncryptionType</key>
            <string>WPA</string>
            <key>HIDDEN_NETWORK</key>
            <false/>
            <key>Interface</key>
            <string>BuiltInWireless</string>
            <key>PayloadCertificateUUID</key>
            <string>85e6b54f-008c-4a38-92e9-deec79811959</string>
            <key>PayloadDisplayName</key>
            <string>wifi (TestSSID)</string>
            <key>PayloadEnabled</key>
            <true/>
            <key>PayloadIdentifier</key>
            <string>com.apple.mdm.earbuds.apple.com.543751e0-e897-012e-17ca-0017f20564ec.alacarte.interfaces.864faa40-e897-012e-17cc-0017f20564ec</string>
            <key>PayloadType</key>
            <string>com.apple.wifi.managed</string>
            <key>PayloadUUID</key>
            <string>864faa40-e897-012e-17cc-0017f20564ec</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>ProxyType</key>
            <string>None</string>
            <key>SSID_STR</key>
            <string>testssid</string>
            <key>SetupModes</key>
            <array>
                <string>System</string>
            </array>
        </dict>
        <dict>
            <key>PayloadContent</key>
            <data>
            <<bas64data>>
            </data>
            <key>PayloadDisplayName</key>
            <string>example Certificate Authority</string>
            <key>PayloadEnabled</key>
            <true/>
            <key>PayloadIdentifier</key>
            <string>com.apple.mdm.earbuds.apple.com.543751e0-e897-012e-17ca-0017f20564ec.alacarte.certificate.cd4d7bfa-CF18-4289-85EA-636B9B2D28FD</string>
            <key>PayloadType</key>
            <string>com.apple.security.root</string>
            <key>PayloadUUID</key>
            <string>cd4d7bfa-cf18-4289-85ea-636b9b2d28fd</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
        <dict>
            <key>Password</key>
            <string>abc</string>
            <key>PayloadContent</key>
            <data>
            <<bas64data>>
            </data>
            <key>PayloadDisplayName</key>
            <string>id.p12</string>
            <key>PayloadEnabled</key>
            <true/>
            <key>PayloadIdentifier</key>
            <string>com.apple.mdm.earbuds.apple.com.543751e0-e897-012e-17ca-0017f20564ec.alacarte.certificate.85E6B54F-008C-4A38-92E9-DEEC79811959</string>
            <key>PayloadType</key>
            <string>com.apple.security.pkcs12</string>
            <key>PayloadUUID</key>
            <string>85e6b54f-008c-4a38-92e9-deec79811959</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
    </array>
    <key>PayloadDisplayName</key>
    <string>settings for test</string>
    <key>PayloadIdentifier</key>
    <string>com.apple.mdm.earbuds.apple.com.543751e0-e897-012e-17ca-0017f20564ec.alacarte</string>
    <key>PayloadOrganization</key>
    <string>appleenterprise</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadScope</key>
    <string>System</string>
    <key>PayloadType</key>
    <string>Configuration</string>
    <key>PayloadUUID</key>
    <string>543751e0-e897-012e-17ca-0017f20564ec</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
CAEAP-TLS

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/dtds/propertylist-1.0.dtd">
<plist version="1.0">
<dict>
    <key>PayloadContent</key>
    <array>
        <dict>
            <key>PayloadCertificateFileName</key>
            <string>internal Issuing CA 1</string>
            <key>PayloadContent</key>
            <data>asnfz4mrze8=</data>
            <key>PayloadDescription</key>
            <string>trust Radius Server Certificate</string>
            <key>PayloadDisplayName</key>
            <string>trust Radius Server Certificate</string>
            <key>PayloadIdentifier</key>
            <string>my.payload.identifier</string>
            <key>PayloadType</key>
            <string>com.apple.security.root</string>
            <key>PayloadUUID</key>
            <string>9768c058-9437-4f51-b7e6-aeaef9717531</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
        <dict>
            <key>PayloadCertificateFileName</key>
            <string>internal Root CA</string>
            <key>PayloadContent</key>
            <data>/ty6mhzumha=</data>
            <key>PayloadDescription</key>
            <string>trust Radius Server Certificate</string>
            <key>PayloadDisplayName</key>
            <string>trust Radius Server Certificate</string>
            <key>PayloadIdentifier</key>
            <string>my.payload.identifier</string>
            <key>PayloadType</key>
            <string>com.apple.security.root</string>
            <key>PayloadUUID</key>
            <string>65295cea-70c9-431a-86d1-f5581f2fed4f</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
        </dict>
        <dict>
            <key>EAPClientConfiguration</key>
            <dict>
                <key>AcceptEAPTypes</key>
                <array>
                    <integer>13</integer>
                </array>
                <key>PayloadCertificateAnchorUUID</key>
                <array>
                    <string>9768c058-9437-4f51-b7e6-AEAEF9717531</string>
                    <string>65295cea-70c9-431a-86d1-F5581F2FED4F</string>
                </array>
            </dict>
            <key>EncryptionType</key>
            <string>WPA</string>
            <key>HIDDEN_NETWORK</key>
            <true/>
            <key>Interface</key>
            <string>BuiltInWireless</string>
            <key>PayloadCertificateUUID</key>
            <string>0ef3981e-0dd8-4a62-a792-a859e734dcb6</string>
            <key>PayloadDescription</key>
            <string>eap-tls 802.1x configuration</string>
            <key>PayloadDisplayName</key>
            <string>configuration Profile</string>
            <key>PayloadIdentifier</key>
            <string>com.example.eaptls.8021x.wifi</string>
            <key>PayloadOrganization</key>
            <string>apple Inc.</string>
            <key>PayloadType</key>
            <string>com.apple.wifi.managed</string>
            <key>PayloadUUID</key>
            <string>9574a054-8a51-46b3-8766-d8542db0d843</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>SSID_STR</key>
            <string>hidden_ssid</string>
            <key>SetupModes</key>
            <array>
                <string>System</string>
            </array>
        </dict>
        <dict>
            <key>CertServer</key>
            <string>https://pki.apple.com/certsrv</string>
            <key>CertTemplate</key>
            <string>workstation</string>
            <key>PayloadDescription</key>
            <string>eap-tls 802.1x configuration</string>
            <key>PayloadDisplayName</key>
            <string>configuration Profile</string>
            <key>PayloadIdentifier</key>
            <string>my.payload.identifier</string>
            <key>PayloadOrganization</key>
            <string>apple Inc.</string>
            <key>PayloadType</key>
            <string>com.apple.ADCertificate.managed</string>
            <key>PayloadUUID</key>
            <string>0ef3981e-0dd8-4a62-a792-a859e734dcb6</string>
            <key>PayloadVersion</key>
            <integer>1</integer>
            <key>deleted</key>
            <false/>
            <key>PromptForCredentials</key>
            <true/>
        </dict>
    </array>
    <key>PayloadDescription</key>
    <string>eap-tls 802.1x configuration</string>
    <key>PayloadDisplayName</key>
    <string>configuration Profile</string>
    <key>PayloadIdentifier</key>
    <string>my.payload.identifier</string>
    <key>PayloadOrganization</key>
    <string>apple Inc.</string>
    <key>PayloadRemovalDisallowed</key>
    <false/>
    <key>PayloadType</key>
    <string>systemconfiguration</string>
    <key>PayloadUUID</key>
    <string>78bb1ee4-ec9e-463a-86d7-00da73f26733</string>
    <key>PayloadVersion</key>
    <integer>1</integer>
</dict>
</plist>
C Active Directory PFX PKCS#12 PFX ios ios P12 Windows Active Directory OS X Windows Web Kerberos CSR SCEP UI ADCertificatePayloadPlugin Microsoft Microsoft EAP-TLS Microsoft EAP-TLS OS X ios OS X ios X.509 IDRADIUS Microsoft CA ios OS X OS X ios Windows Microsoft Web CA X.509 DNS E Microsoft CA CSR Active Directory Ac tive 32
Directory RADIUS RADIUS Microsoft CA OS X ios host/client.domain.com DOMAIN\computername Microsoft Microsoft Windows Microsoft 33
EAPOL RADIUS Active Directory EAP-TLS - - ID NTPrincipalName - ID CommonName - ID RFC822Name ID ID - host/fqdn.of.host fqdn.of.host host - computername$ computername Active Directory - DOMAIN\computername DOMAIN computername Active Directory NTPrincipalName RFC822Name CommonName EAPClientConfiguration B SCEP CSR CSR CSR Active Directory SCEP SCEP SCEP 34
ID 35
Apple Inc. 2012 Apple Inc. All rights reserved. Apple Apple AppleCare FileVault Finder FireWire ichat Mac Mac OS OS X Apple Inc. UNIX Open Group OS X version 10.7 Lion Open Brand UNIX 03 Apple 6/5/12 36