Apple Configurator

Configure EAP-TLS on Foxpass

Please follow the EAP-TLS initial setup guide to create client CA, server CA and SCEP endpoint if not configured already.


Create SCEP profile

Sample SCEP Profile

Sample SCEP Profile

  • Verify if the SCEP endpoint is created and configured correctly.
  • URL - Obtain the URL from SCEP page. It will be mentioned below 'Unique Endpoint' heading on the SCEP page.
  • Name - leave blank

🚧

Remember to always use "CN" in capitalized form.

  • Subject - CN=<user's email address>
  • Subject Alternative Name Value (optional) - RFC822: <user's email address>.
  • Challenge - Copy the Challenge password from the SCEP page.
  • Key Size: Note the key size should be 4096 bits.
  • Fingerprint - Click 'Create from Certificate' and select the client CA certificate you downloaded earlier.
  1. Add section for Server CA

  • Go back to Apple Configurator 2. Click Certificates on the left side of your profile.
Configure Certificate

Configure Certificate

  • Click Configure. Select 'Server CA' from the 'Downloads' folder. You will start seeing 'Server CA' as specified in the screenshot below:
Foxpass Server CA in Certificates

Foxpass Server CA in Certificates

  1. Now, select WiFi option on the left side.

  • By default, enterprise settings are selected to Protocols.
  • SSID - Your network's SSID Note: this must match EXACTLY, including capital letters.
  • Security Type - WPA/WPA 2 Enterprise or WPA2/WPA3 Enterprise depending on what you have configured in your Access Point.
  • Protocols - TLS
  • Identity Certificate - Select SCEP from the dropdown.
Sample WiFi Payload

Sample WiFi Payload

  • Now select 'Trust' in 'Enterprise Settings'. Select the Server CA.
  1. Save and test

    Go to your MAC System Settings, search Profiles > Install, view or remove configuration profiles. Click on the the profile you just configured in Apple Configurator 2. A dialog box will open to ask if you want to install the profile. Click 'Install'.

The profile will be installed and you can see a SCEP certificate under 'Client Certificates' on the EAP-TLS page.

Foxpass sample profile in MAC

Foxpass sample profile in MAC

Sample SCEP certificate

Sample SCEP certificate

If all well, you will be able to connect to your SSID.

Connected to SSID

Connected to SSID