Enterprise Deployment Manual

Appendix B Configuration Profile Format
EAPClientConfiguration Dictionary
In addition to the standard encryption types, it’s possible to specify an enterprise
profile for a given network via the “EAPClientConfiguration” key. If present, its value is a
dictionary with the following keys.
Key
    Value

UserName
    String, optional. Unless you know the exact user name, this
    property won’t appear in an imported configuration. Users can
    enter this information when they authenticate.

AcceptEAPTypes
    Array of integer values. These EAP types are accepted:
        13 = TLS
        17 = LEAP
        21 = TTLS
        25 = PEAP
        43 = EAP-FAST

PayloadCertificateAnchorUUID
    Array of strings, optional. Identifies the certificates to be trusted
    for this authentication. Each entry must contain the UUID of a
    certificate payload. Use this key to prevent the device from
    asking the user if the listed certificates are trusted.

    Dynamic trust (the certificate dialogue) is disabled if this
    property is specified, unless TLSAllowTrustExceptions is also
    specified with the value true.

TLSTrustedServerNames
    Array of string values, optional. This is the list of server certificate
    common names that will be accepted. You can use wildcards to
    specify the name, such as wpa.*.example.com. If a server
    presents a certificate that isn’t in this list, it won’t be trusted.

    Used alone or in combination with TLSTrustedCertificates, the
    property allows someone to carefully craft which certificates to
    trust for the given network, and avoid dynamically trusted
    certificates.

    Dynamic trust (the certificate dialogue) is disabled if this
    property is specified, unless TLSAllowTrustExceptions is also
    specified with the value true.

TLSAllowTrustExceptions
    Boolean, optional. Allows/disallows a dynamic trust decision by
    the user. The dynamic trust is the certificate dialogue that
    appears when a certificate isn’t trusted. If this is false, the
    authentication fails if the certificate isn’t already trusted. See
    PayloadCertificateAnchorUUID and TLSTrustedServerNames above.

    The default value of this property is true unless either
    PayloadCertificateAnchorUUID or TLSTrustedServerNames is
    supplied, in which case the default value is false.
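
The default rule for TLSAllowTrustExceptions is easy to misread when reviewing a profile, so the following added example (not part of the original manual) computes the effective dynamic-trust setting for an EAPClientConfiguration dictionary and lists review findings. The function names, the sample dictionaries, the placeholder UUID, and the choice to treat a present-but-empty array as "supplied" are assumptions of this example.

```python
import plistlib

# EAP type numbers listed in the AcceptEAPTypes row of the table.
EAP_TYPES = {13: "TLS", 17: "LEAP", 21: "TTLS", 25: "PEAP", 43: "EAP-FAST"}
PIN_KEYS = ("PayloadCertificateAnchorUUID", "TLSTrustedServerNames")


def audit_eap_config(eap):
    """Return (dynamic_trust_allowed, findings) for an EAPClientConfiguration dict."""
    findings = []
    for eap_type in eap.get("AcceptEAPTypes", []):
        if eap_type not in EAP_TYPES:
            findings.append(f"AcceptEAPTypes: {eap_type} is not a listed EAP type")
    # Assumption: a key that is present but empty still counts as supplied.
    pinned = [k for k in PIN_KEYS if k in eap]
    for key in pinned:
        if not eap[key]:
            findings.append(f"{key} is present but empty")
    # Documented default: true unless either pinning key is supplied, then false.
    allowed = eap.get("TLSAllowTrustExceptions", not pinned)
    if allowed and pinned:
        findings.append("TLSAllowTrustExceptions=true re-enables the certificate "
                        "dialogue despite " + ", ".join(pinned))
    elif allowed:
        findings.append("no trust anchors or server names: the user decides "
                        "trust in the certificate dialogue")
    return allowed, findings


def audit_plist(data):
    """Parse a plist (XML or binary) holding one EAPClientConfiguration dict."""
    return audit_eap_config(plistlib.loads(data))


# Constructed sample dictionaries; the UUID and server name are placeholders.
SAMPLES = {
    "prompting": {"AcceptEAPTypes": [25]},
    "pinned": {"AcceptEAPTypes": [25],
               "PayloadCertificateAnchorUUID": ["00000000-0000-0000-0000-000000000001"],
               "TLSTrustedServerNames": ["wpa.*.example.com"]},
    "override": {"AcceptEAPTypes": [13, 99],
                 "TLSTrustedServerNames": ["wpa.*.example.com"],
                 "TLSAllowTrustExceptions": True},
}

if __name__ == "__main__":
    for name, cfg in SAMPLES.items():
        allowed, findings = audit_plist(plistlib.dumps(cfg))
        print(f"{name}: dynamic trust allowed={allowed}")
        for finding in findings:
            print("  -", finding)
```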