Apple Configurator
Configure EAP-TLS on Foxpass
If you have not already done so, follow the EAP-TLS initial setup guide to create the client CA, server CA and SCEP endpoint.
Create SCEP profile
- Download the Apple Configurator application.
- Click SCEP in the left menu.

Sample SCEP Profile
- Verify that the SCEP endpoint is created and configured correctly.
- URL - Obtain the URL from the SCEP page. It is listed below the 'Unique Endpoint' heading on the SCEP page.
- Name - leave blank
Remember to always write "CN" in capital letters.
- Subject - CN=<user's email address>
- Subject Alternative Name Value (optional) - RFC822: <user's email address>.
- Challenge - Copy the Challenge password from the SCEP page.
- Key Size - The key size should be 4096 bits.
- Fingerprint - Click 'Create from Certificate' and select the client CA certificate you downloaded earlier.
- Go back to Apple Configurator 2. Click Certificates on the left side of your profile.

Configure Certificate
- Click Configure. Select 'Server CA' from the 'Downloads' folder. 'Server CA' will now appear, as shown in the screenshot below:

Foxpass Server CA in Certificates
- By default, the 'Protocols' tab is selected under 'Enterprise Settings'.
- SSID - Your network's SSID. Note: this must match EXACTLY, including capital letters.
- Security Type - WPA/WPA2 Enterprise or WPA2/WPA3 Enterprise, depending on what you have configured in your access point.
- Protocols - TLS
- Identity Certificate - Select SCEP from the dropdown.

Sample WiFi Payload
- Now select 'Trust' in 'Enterprise Settings'. Select the Server CA.

- Go to your Mac System Settings and search Profiles > Install, view or remove configuration profiles. Click on the profile you just configured in Apple Configurator 2. A dialog box will open to ask if you want to install the profile. Click 'Install'.

Save and test
The profile will be installed and you can see a SCEP certificate under 'Client Certificates' on the EAP-TLS page.

Foxpass sample profile in Mac

Sample SCEP certificate
If all is well, you will be able to connect to your SSID.

Connected to SSID
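
The settings chosen in the steps above end up as keys in the exported .mobileconfig file. The following added example (not part of the Foxpass guide) lints an unsigned profile against those settings before it is installed. The payload types and key names come from Apple's configuration profile format; the sample profile, its SSID "CorpWiFi", the UUIDs and the finding names are constructed for illustration.

```python
import plistlib

CA_TYPES = ("com.apple.security.root", "com.apple.security.pkcs1")

def lint_profile(data, expected_ssid):
    """Check an unsigned .mobileconfig (plist bytes) against the guide's settings."""
    by_type = {}
    for p in plistlib.loads(data).get("PayloadContent", []):
        by_type.setdefault(p.get("PayloadType"), []).append(p)
    scep = (by_type.get("com.apple.security.scep") or [{}])[0]
    wifi = (by_type.get("com.apple.wifi.managed") or [{}])[0]
    ca_uuids = {p.get("PayloadUUID") for t in CA_TYPES for p in by_type.get(t, [])}
    sc = scep.get("PayloadContent", {})
    eap = wifi.get("EAPClientConfiguration", {})
    # Subject is a list of RDNs, each RDN a list of [attribute, value] pairs.
    attrs = [pair[0] for rdn in sc.get("Subject", []) for pair in rdn]
    checks = [
        ("subject-cn", "CN" in attrs),                       # "CN" must be capitalized
        ("keysize", sc.get("Keysize") == 4096),              # guide: 4096 bits
        ("ca-fingerprint", bool(sc.get("CAFingerprint"))),   # pins the SCEP CA
        ("ssid", wifi.get("SSID_STR") == expected_ssid),     # exact, case-sensitive
        ("eap-type", eap.get("AcceptEAPTypes") == [13]),     # 13 = EAP-TLS
        ("identity-cert", bool(scep.get("PayloadUUID"))      # Wi-Fi identity = SCEP
            and wifi.get("PayloadCertificateUUID") == scep.get("PayloadUUID")),
        ("trust-anchor",                                     # Server CA is trusted
            bool(ca_uuids & set(eap.get("PayloadCertificateAnchorUUID", [])))),
    ]
    return [name for name, ok in checks if not ok]

def sample_profile(cn_attr="CN", keysize=4096, anchors=("ca-1",)):
    """Constructed profile with placeholder values, serialized like an export."""
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadContent": [
        {"PayloadType": "com.apple.security.scep", "PayloadUUID": "scep-1",
         "PayloadContent": {"URL": "https://scep.example.invalid/placeholder",
                            "Subject": [[[cn_attr, "user@example.com"]]],
                            "Challenge": "placeholder", "Keysize": keysize,
                            "CAFingerprint": b"\x00" * 20}},
        {"PayloadType": "com.apple.security.root", "PayloadUUID": "ca-1",
         "PayloadContent": b"placeholder"},
        {"PayloadType": "com.apple.wifi.managed", "SSID_STR": "CorpWiFi",
         "EncryptionType": "WPA2", "PayloadCertificateUUID": "scep-1",
         "EAPClientConfiguration": {"AcceptEAPTypes": [13],
                                    "PayloadCertificateAnchorUUID": list(anchors)}},
    ]})

if __name__ == "__main__":
    print(lint_profile(sample_profile(), "CorpWiFi"))
    print(lint_profile(sample_profile("cn", 2048, ()), "corpwifi"))
```

An empty list means the profile matches the guide. A "trust-anchor" finding means the Wi-Fi payload does not reference the Server CA, so the client has no pinned CA against which to validate the RADIUS server certificate.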