AppleTV WPA2 Enterprise Wireless Authentication
Since update 5.1 for the AppleTV, it has been able to support WPA/WPA2 Enterprise authentication for wireless networks, but it’s not as easy as just clicking “Connect to <network name>” and typing in your username/password. You actually have to use the Apple Configurator to push a profile to the AppleTV to get it set up. This isn’t actually terribly complex, but there are a number of moving parts that can easily gum up the works if you don’t get them set up quite so.
Note: It is a good idea to have the AppleTV software up-to-date before doing this, if it is not, the Apple Configurator will try to update the software and tends to fail, leaving you with an AppleTV in recovery mode. This can add quite a bit of extra time to the process and is best avoided.
1. You will need the Apple Configurator, it is available through the Mac App store or you can download it here. You will also need to connect your AppleTV to your computer via a micro USB cable.
2. Open the configurator, click Prepare (at the top) then click the Install Profiles button, then click the + sign at the bottom and click Create New Profile.
3. Give the profile a name, this doesn’t need to be anything specific, but a good descriptive name is always best. Then select Wi-Fi from the list of configurable options in the left pane.
4. Fill in the information including SSID, select Auto-Join, security type WPA/WPA2 Enterprise, protocols – PEAP is what you would use if you have a username/password to authenticate with, EAP-TLS is what you would use if you are going to be importing a certificate to authenticate with.
5. Enter your username/password for PEAP or import your certificate for EAP-TLS (if you are not sure where to import your certificate, jump to step 7).
6. Leave Outer Identity blank (generally).
All of that stuff is pretty straight-forward, the next part is where it can get a little tricky if you don’t do everything right.
7. Scroll down on the left side to Certificates. You will need to import BOTH the public key of the certificate that is on your RADIUS server as well as the public key of the CA that issued the certificate. If you set up a Microsoft CA in your environment for this, it is very easy. Log into your CA server (or have your network admin do this if you are not one) open MMC and add the Certificates snap-in, right click the CA certificate and click All Tasks and click export. Be sure to ONLY export the public key, you do not need the private key for this. Do the same for the certificate that is on your RADIUS server and import both of these certificates to the AppleTV in the Certificates section. If you purchased a certificate through a third-part CA such as Verisign or GoDaddy, you should have received the CA public key from them when you received your certificate and you can export the server certificate using the same method as above.
Note: Some third-party CAs (such as GoDaddy) require an intermediate certificate as well, which you should have also received. In this case, you will need to import that one as well, so you will have 3 certificates to import in this scenario, not 2.
8. Once you have imported both of these certificates you can go back up to Wi-Fi on the Apple TV and click the Trust section, make sure all of the certificates that you imported are there and select the checkboxes next to all of them.
9. Now you can click Save and then click the Prepare button at the bottom to push the profile to the AppleTV.
If you have issues getting it to connect to your network, verify the username/password that you used in the profile as well as the certificates. Sadly there is no way (that I’ve found) to view these on the AppleTV directly, you have to review/edit the profile and re-prepare the AppleTV. The error I have most commonly run into is below, and is one of the errors indicative of not having the right certificates imported with the profile.
There was a problem connecting to the network -369033213
Hope this helps, below are a few links that I used while working this out myself.