How can I get an Apple TV to accept the hive certificate?

  • 1
  • Question
  • Updated 4 years ago
  • Answered
I've got an Apple TV that I can use via Ethernet but when I try to connect it via WiFi it tells me my WiFi network requires a profile and it can't continue.

What do I need to do with the AP or Apple TV to get it to accept the hive cert and be able to enter a network username and password so it can connect to the WiFi?
Photo of isstaff

isstaff

  • 1 Post
  • 0 Reply Likes

Posted 4 years ago

  • 1
Photo of Brian Ambler

Brian Ambler

  • 245 Posts
  • 126 Reply Likes
The Apple TV requires a profile to be loaded (as you are seeing) in order to authenticate to the network using 802.1X.  To configure the profile needed, download the Apple Configurator from Apple's App Store for MacOS. For now it looks like this application does not support Windows or Linux, as mentioned in numerous threads. I am not familiar with this application personally, but I'm sure there are guides on Apple's website or perhaps another user on this forum is familiar and can help you out.

Hope this helps
Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
For 802.1X

Apple Configurator

create a profile and upload to AppleTV with micro usb cable.

http://training.apple.com/pdf/WP_8021X_Authentication.pdf

Cheers

Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
I should also warn you that the AppleTV will need to get it's time from NTP servers on the internet.
Apple has a set list they try.

So if it loses power for any reason, the dot1x profile will fail to connect because the server cert won't be valid with the default AppleTV time of 1970.

You are better off using ethernet cable or PSK

Cheers
A
Photo of Andrew Garcia

Andrew Garcia, Official Rep

  • 368 Posts
  • 120 Reply Likes
Well that explains my complete lack of success the last time I tried this.  

When you say up-to-date, does that mean hardware(ATV3) or software is up to date?  You'll have to pry my ATV2s from my cold dead hands.

Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Just the software.
Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
Knowing Apple it may only be ATV3 with the latest code.

@Nick do you know if they have added dot1X support for the ethernet

Also if it saves that last known time in software, what if the AppleTV is down for an hour. Usually auth servers can skew the client time but it is usually like + or - 15mins.

Can't seem to find any useful info on this persistent NTP Sync.

Photo of Nick Lowe

Nick Lowe, Official Rep

  • 2491 Posts
  • 451 Reply Likes
Works on the ATV2 with the latest software.

802.1X is still only supported for wireless sadly.

It worked when I tested things with PEAP-MS-CHAP-v2 when down for an extended period of time. I have not tested client certificate use cases though.
(Edited)
Photo of Andrew MacTaggart

Andrew MacTaggart, Champ

  • 483 Posts
  • 86 Reply Likes
Brain fart

For some reason I was thinking mutual Auth with client side certs.

A