Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

Apple Watch Ultra (watchOS 9.1) can you configure EAP-TLS on it?

  • 1.  Apple Watch Ultra (watchOS 9.1) can you configure EAP-TLS on it?

    MVP EXPERT
    Posted Nov 28, 2022 08:38 AM
    Hi,

    A long time ago I successfully configured EAP-TLS on an Apple Watch ... think it was around watchOS 5.x ... this was with a Cloudpath onboarding system.

    Yesterday I tried the same thing using the ClearPass (6.10.7) onboarding option with CPPM acting as a CA.

    I pointed my iPhone at my provisioning page and it successfully downloads the profile for installation, but at no point does it ask if I want to install the cert on my watch (thinking about it, might have been before Apple decided all you could do is download a profile and then manually install it).

    The watch sees my WPA3-Enterprise network and prompts you for a username and password, which isn't much good :-(

    Apple Configurator 2 isn't much good either. It detects Apple TVs or iPhones but not the watch.

    Some people mentioned the "hidden" browser in watchOS and suggested emailing myself the URL of a suitably configured .mobileconfig file ... I have used a URL to point to a .mobileconfig file in the past (suitable MIME types associated on the HTTP server) ... but watchOS 9.1 doesn't seem to give you the option to follow a URL when reading one in an email message ....


    So, any ideas as to how to EAP-TLS a watchOS 9.1 device?

    Rgds
    Alex


  • 2.  RE: Apple Watch Ultra (watchOS 9.1) can you configure EAP-TLS on it?

    MVP EXPERT
    Posted Nov 28, 2022 11:01 AM
    OK
    Tried emailing myself a URL again, and yes, if it is sent directly to you, not forwarded ....
    the browser does open and yes, you can log into Onboard. You get as far as a prompt to send a profile to the client device. Clicking on the send profile link, you get a message on the watch saying you cannot display the profile