The mailing list for users of the eduroam Configuration Assistant Tool (CAT)

[Martin Stanislav <ms AT uakom.sk>]

Dear Andreas,

Thank you for sharing your experience connecting an apple watch
to eduroam (in general to a wireless network in WPA2-Enterprise
mode with an apple watch acting in a role of 802.1X client).
Wi-Fi configuration profile (with a certificate) imported
and saved on an apple watch is clearly visible from apple watch app
on a paired iphone.

This has possibly occured as a collateral or a (positive) side efect
to Apple announcing new device management features in iOS 17 [1]:

"An Apple Watch can be enrolled and managed by MDM when paired to a 
supervised iPhone."

Kind regards,
Martin

[1] https://support.apple.com/en-hk/HT213892

On Thu, Feb 01, 2024 at 05:50:14PM +0100, Andreas Zeller wrote:
> Dear eduroam team,
> 
> For years, I have tried to connect my Apple Watch to eduroam. Neither 
> connecting to eduroam directly nor installing the eduroam.org certificate 
> for Apple devices worked.
> 
> This is what worked for me on iOS 17.3 and watchOS 10.3:
> On a Mac, get an installation profile from cat.eduroam.org 
> <https://cat.eduroam.org/>
> On the Mac, open the profile with Apple Configurator. Duplicate it or 
> create a new profile, copying as many settings as possible
> (Important) Enter your user Wi-Fi name and password and make them part of 
> the profile. I think this may be the crucial part that otherwise keeps the 
> profile from being installed.
> Save the profile and Airdrop it to your iPhone. You can now install it on 
> your Apple Watch.
> Connect your Apple Watch to eduroam. You may have to accept some extra 
> certificates, but after that, you should be connected.
> If everything works, you're done! Keep the profile in a safe place (or 
> delete it), as it contains your password in the clear.
> 
> The process is made somewhat more difficult as the eduroam.org 
> <http://eduroam.org/> certificate is signed and therefore immutable; also, 
> adding your name and password to the certificate brings obvious security 
> risks. But in case someone asks for assistance, the above may help.
> 
> Best wishes, and keep up the good work,
> 
> Andreas Zeller
> 
> 
> This message will be sent to a public mailing list. Only English language 
> please! 
> 
> 
> Prof. Dr. Andreas Zeller  |  Faculty
> CISPA Helmholtz Center for Information Security 
> <https://www.cispa.saarland/>
> Stuhlsatzenhaus 5, 66123 Saarbrücken, Germany
> 
> Phone: +49 681 87083-2372 <tel:+49681870832372>  |  Fax: +49 681 87083-8801 
> <tel:+49681870832372>
> Mail: zeller AT cispa.de <mailto:zeller AT cispa.de>  |  Web: 
> https://andreas-zeller.info <https://andreas-zeller.info/>  |  Mastodon: 
> @AndreasZeller AT mastodon.social <https://mastodon.social/@AndreasZeller>
> 
> 
> 
> To unsubscribe, send this message: 
> mailto:sympa AT lists.geant.org?subject=unsubscribe%20cat-users
> Or use the following link: 
> https://lists.geant.org/sympa/sigrequest/cat-users