Messages - daynomate

1
Hi, thanks again for that documentation. We are finally trying to do this but I seem to have come stuck :/ In DLS the Administration -> PKI option is a solid circle instead of a folder that can be expanded.

I assumed from what the documentation said that there was no installation of the connector or plugin required. Is that correct?

Oops - we worked out the problem - it was the DLS user permissions. When logging into DLS as Administrator it appears fine.

Now the next issue is licensing. I am now totally confused - from the doco I read we would not need additional licensing to use the PKI Connector, however from what I can read we do need to use the MSCA Plugin and that requires PKI licensing.

The reason for the confusion is that I thought licensing was required if we were using PKI to secure the phone -> DLS communication, and not for phone -> 802.1X CA.

4
Thanks again! I'll shoot you a PM as those updated manuals would be awesome.

Re: licensing - I read it as though that is only required if using an Internal PKI on DLS, is that correct? If we only use the last method of getting an external CA to fully manage all the certificates is that Mobility PKI license still required?

Regards,
Daynomate

5
Thanks Kimera, that was great to know.

I was able to find the DLS Admin and Install manual (P31003-S2370-M107-15-76A9 with filename 20130827074202!Deployment-Service_V7_en.pdf but in the footer it mentions 04/2013)

I couldn't find the new version of the 802.1X manual though, the latest being the April 2011 one which seems quite outdated.

However, from various docs I can now see that even with our current V3 of DLS we can do individual certs pushed to the phones via template as long as the filenames match a look-up pattern, i.e. MACADDRESS-PK12, so that the right phone cert can be pushed to the right phone.

The ideal scenario where it's all handled automatically from the CA also seems now possible with DLS V6 thanks to what they call the "PKI Connector", which seems to be a Java plugin. I can't find much information about how it actually works, though there are config items in the latest DLS manual covering it. With this working we should then be able to issue, revoke, replace, renew etc. phone certs direct from the CA with no work required on the DLS once it's all set up.

For now I'm going to try the manually generated certs and get DLS to assign them based on filename for a quick trial.

I'll keep the thread posted with my results. Thanks again!

6
Hi, I'm a network engineer rather than involved with the voice system but I'm tasked with getting 802.1X authentication working with our IP Phones.

I've read several documents about standard deployments but they all seem to point to having a single user certificate for a phone profile template. This would mean to me that all phones in that profile share a common user certificate. This is not ideal in 802.1X as we really should have individual certificates for each handset that can be revoked or replaced.

Has anyone had experience using 802.1X with these handsets or any handsets that are managed by DLS?

We are using Cisco switches and Microsoft NPS as the CA and Windows RADIUS server.
