I’m trying to understand how we can get certificates, based on the Computer template, onto our Macintosh OS 10.5.8 workstations (the Windows workstations are no problem).

We are going to use Cisco’s ACS to control which wireless workstations can access our Intranet. Workstations with a “Computer” certificate issued by our CA will have access to our Intranet; workstations without a “Computer” certificate issued by our CA will be segregated onto a VLAN that can only access the Internet. The certificate we need is based on the Computer template. (We’re going to be doing something similar with our wired workstations shortly, but my immediate focus is wireless clients.)

While researching our options, I came across a discussion forum entry, MacOSX and Windows CA, from Tom Ranson (available at ). There may be another solution available (other than the one presented in the MacOSX and Windows CA discussion forum entry), so feel free to suggest alternatives.

I’m going to include an edited/formatted version (for readability) of the discussion forum posts at the end of this post. There are three posts in the MacOSX and Windows CA discussion forum entry that apply specifically to my situation:

- Tom Ranson’s initial post on the MacOSX and Windows CA discussion.
- Tom Ranson’s reply to Joe Fonte’s questions.

I’m going to be doing a few more tests, but I welcome any suggestions that might simplify the process. Perhaps scripting for the initial certificate request or the renewal request or anything else that we can explore?

Some background information that may prove useful (the last two bulleted points make more sense after reading the MacOSX and Windows CA discussion forum entry):

- We’re using AD CS on two Server 2008 R2 Enterprise boxes.
- We have an Enterprise Root CA and an Enterprise Subordinate CA (used for issuing certificates).
- We have about 50K Windows workstations and about 10K Macintosh workstations.
- We have the wireless access working with Windows workstations.
- Active Directory and Certificate Services are working as expected.
- As a test, before trying to follow any of Tom’s procedures, I issued a certificate to an XP virtual machine, exported it and installed it on a Mac (our Root CA was added to the Mac previously – so the certificate initially issued to the XP virtual machine would be trusted). The Mac wasn’t able to connect; the ACS reported that there was a problem with the certificate (the DNS entry in the certificate didn’t match the Mac’s name).
- Next I removed the Mac from the domain, renamed my XP virtual machine to the Mac’s name (based on our naming standard), got the certificate issued to the XP virtual machine and exported it and installed it on the Mac, removed the XP virtual machine from the domain and added the Mac back onto the domain. (Our Mac workstations are domain members.)