HomeGuidesAPI Reference
Get Started

Apple Configurator

Suggest Edits

  1. Download Client CA

  • Download Client CA from the SCEP page by clicking 'Download CA' button under Client Certificate Authorities. Change the extension of the downloaded CA certificate file from .crt to .cer.
Download Client CA

Download Client CA

  1. Download Active Server CA

  • Download active Server CA from the SCEP page by clicking 'Download CA' under 'Server Certificate Authorities'.
Download Active Server CA

Download Active Server CA

  1. Create profile

  1. Create SCEP

  • Click on SCEP in left menu
Sample SCEP Profile

Sample SCEP Profile

  • URL - Obtain the URL from SCEP page. It will be mentioned below 'Unique Endpoint' heading on the SCEP page. If you need to create a SCEPEndpoint, please see the screenshot below for reference. Copy the endpoint from Foxpass console and paste it under URL in Apple Configurator.
SCEP URL Location

Ensure that you set Verification Type to 'User' and Authentication Type to 'Challenge Password'. The challenge password will be auto-generated upon creation.

  • Name - leave blank
  • Subject - CN=<user's email address>
  • Subject Alternative Name Value (optional) - RFC822: <user's email address>.
  • Challenge - Copy the Challenge password from the SCEP page.
  • Key Size: Note the key size should be 4096 bits.
  • Fingerprint - Click 'Create from Certificate' and select the CA certificate you downloaded earlier. Make sure to change the extension of the client CA from .crt to .cer.

  1. Add section for Server CA

  • Go back to Apple Configurator 2. Click Certificates on the left side of your profile.
Configure Certificate

Configure Certificate

  • Click Configure. Select 'Server CA' (The one you downloaded in Step 2)from the 'Downloads' folder. You will start seeing 'Server CA' as specified in the screenshot below:
Foxpass Server CA in Certificates

Foxpass Server CA in Certificates

  1. Now, select WiFi option on the left side.

  • By default, enterprise settings are selected to Protocols.
  • SSID - Your network's SSID Note: this must match EXACTLY, including capital letters.
  • Security Type - WPA/WPA 2 Enterprise
  • Protocols - TLS
  • Identity Certificate - Select SCEP from the dropdown.
Sample WiFi Payload

Sample WiFi Payload

  • Now select 'Trust' in 'Enterprise Settings'. Select the Server CA.

  1. Save and test

    Go to your MAC System Settings, search Profiles > Install, view or remove configuration profiles. Click on the the profile you just configured in Apple Configurator 2. A dialog box will open to ask if you want to install the profile. Click 'Install'.

The profile will be installed and you can see a SCEP certificate under 'Client Certificates' on the SCEP page.

Foxpass sample profile in MAC

Foxpass sample profile in MAC

Sample SCEP certificate

Sample SCEP certificate

📘

If there are any SCEP errors, it will be displayed as an alert in red colored box on the top of the SCEP page of the Foxpass console.

Updated 2 days ago