Enterprise Deployment Manual

Table Of Contents

Preface iPhone in the Enterprise 11

Cisco IPSec with certificate-based authentication supports VPN on demand for domains

you specify during configuration. See “VPN Settings” on page 35 for details.

Network Security

iPhone OS supports the following 802.11i wireless networking security standards as

defined by the Wi-Fi Alliance:

Â WEP

Â WPA Personal

Â WPA Enterprise

Â WPA2 Personal

Â WPA2 Enterprise

Additionally, iPhone OS supports the following 802.1X authentication methods for WPA

Enterprise and WPA2 Enterprise networks:

Â EAP-TLS

Â EAP -TTLS

Â EAP-FAST

Â EAP-SIM

Â PEAP v0, PEAP v1

Â LEAP

Certificates and Identities

iPhone, iPod touch, and iPad can use X.509 certificates with RSA keys. The file

extensions .cer, .crt, and .der are recognized. Certificate chain evaluations are

performed by Safari, Mail, VPN, and other applications.

Use P12 (PKCS #12 standard) files that contain exactly one identity. The file extensions

.p12 and .pfx are recognized. When an identity is installed, the user is prompted for the

passphrase that protects it.

Certificates necessary for establishing the certificate chain to a trusted root certificate

can be installed manually or by using configuration profiles. You don’t need to add root

certificates that are included on the device by Apple. To view a list of the preinstalled

system roots, see the Apple Support article at http://support.apple.com/kb/HT3580.

Certificates can be securely installed over the air via SCEP. See “Overview of the

Authenticated Enrollment and Configuration Process” on page 22 for more information.