Using HTTPS Decrypt and Inspect with Apple TV® devices

Article #:

Product

Castle

1881

Guardian

Edinburgh onwards

Summary

This article describes how to configure an Apple TV® device to recognize an HTTPS Decrypt and Inspect Certificate Authority (CA) certificate

Problem

Apple TV devices may be used on a network where an administrator performs HTTPS Decrypt and Inspect — a man-in-the-middle (MITM) interception. As with all devices, the CA certificate used by the Smoothwall to create certificates must be installed locally.

Apple TV devices do not support management tools such as Group Policy or mobile device management (MDM), so it is not possible to automatically distribute certificates.

Solution

HTTPS Inspection CA Certificates can be manually installed on the device as follows:

1. On the Apple TV, go to the AppleTV settings menu.
2. Select General.
3. Highlight Send Data To Apple.
4. Press Play (not the normal Select button) and you will be prompted to add a profile.
5. Select Add Profile and then enter:

http://[Smoothwall_IP_address]/modules/guardian3/mitm/https_interception_ca_certificate.crt

where Smoothwall_IP_address is the IP address of the Smoothwall appliance doing the interception

Now your Apple TV device will be able to access HTTPS websites when you are performing HTTPS Decrypt and Inspect. Note that the above process should also be possible using the Apple Configurator tool, refer to Apple documentation to achieve this.

Attribution:

Last updated:

Author:

Contributions by:

07 July 2016

 

DMT

SN

 

 

Copyright © 2000-2016 Smoothwall All rights reserved.