How deploy Certificate automation to mobile (IOS, Android) use Squid Proxy?
-
Thanks for quick feedback! Gertjan
As you know, Squid Guard is required Certificate to apply rules reject URL and apply blacklist.
If one PC or mobile have not a Certificate (of Pfsense), it's could not access to internet.
So, with a PC you can install easily & I wonder about the mobile phone. How I can install CER to mobile phone? (IOS, Android) -
@letuanvn said in How deploy Certificate automation to mobile (IOS, Android) use Squid Proxy?:
So, with a PC you can install easily & I wonder about the mobile phone. How I can install CER to mobile phone? (IOS, Android)
That's the core question.
Guess so .... not sure. But Google showed me that it can be done https://support.quovadisglobal.com/kb/a64/how-do-i-install-a-digital-certificate-onto-an-iphone-or-ipad.aspx
pfSense can export p12 certs.
So, mail it up, and instruct the iPhone user.
It might be wise not to use non-trusted certs. That's where the acme package kicks in, and you'll be needing a domain name.
Samsung devices : probably also.So, actually, it could be done - although not fully automated. But hey, I could be wrong twice today ^^
-
Hi Gertjan,
Thank you again for your answer!
I have to refer some Guide on google seem to you. But it's manual to add to the phone.
I would like to take easy for end users --> Automatic.Example: Network Policy Server (NPS) of Microsoft, auto apply certificate when the mobile connect to wifi, end user only hit TRUST the certificate and access internet successfully.
Many thanks if have more any good for me to process the next step.
Thanks,
Tony -
@letuanvn said in How deploy Certificate automation to mobile (IOS, Android) use Squid Proxy?:
Example: Network Policy Server (NPS) of Microsoft, auto apply certifi
A notable difference here is : these devices are not owned by the users, they are merely the tools they use to work with. The owner - the company, will state what to do when and how up front.
Devices used on a captive portal are owned by the users themselves. -
Actually, i would like to protect personal device access to LAN network.
So, i use Squid Guard and i get the trouble with Mobile Phone. (Can not install Certificate, can not access to internet) -
Anybody can help?
-
@letuanvn said in How deploy Certificate automation to mobile (IOS, Android) use Squid Proxy?:
Mobile Phone
Well ... for the iPhones/iPad, etc your ok, right ? You saw the link. It's hands-on time now.
Pretty sure by now that 'the other one' (Samsung) can import certs also.Why do you want to protect devices ? With Squid ?
All traffic is already TLS ... Mobile devices have no open ports (users can't mess them up as they do with their PC's).
You could even put your AP's in "isolating mode" (something that Windows does as an OS when it asks you if the network is Private or Public). -
@letuanvn said in How deploy Certificate automation to mobile (IOS, Android) use Squid Proxy?:
Anybody can help?
You're stubborn...as Gertjan already stated, it won't work...for Samsung, get an OTG cable and transfer the certificate to a jump drive, then connect the drive to the OTG cable and install...for IOS, you can use iTunes or the iCloud or email as that's a closed environment.
-
@NollipfSense Thanks for your feedback!
I understood Gertjan mean. But it's a manual action. -
@letuanvn said in How deploy Certificate automation to mobile (IOS, Android) use Squid Proxy?:
@NollipfSense Thanks for your feedback!
I understood Gertjan mean. But it's a manual action.It cannot be done automatically as you're wanting to do.