Watch 3 LTE and Smartone

Called Smartone/Apple in the Oz - recap:

//here's what I've replied to Apple Support:

Hi /*nice fella*/ ,

Thank you very much for investigating this together, here's a recap for what we've discussed:

1) It's an iPhone X on iOS 11.4, Watch LTE (A1891) with WatchOS 4.3.1 on Smartone HK, all latest and supported. Smartone has confirmed that my account is ready for a new Apple Watch.

2) When provisioning the mobile data for Smartone HK from the Watch app, a carrier-managed portal is popped up (like a web page) and from the latest Smartone HK ipcc file I guessed it's at

https://sma.prod.ondemandconnectivity.com

which in turn is owned by Gemalto SA, who provides SIM/eSIM provisioning to Smartone HK.

3) The above website cannot be opened in iPhone Safari here in HK or anywhere else straightaway due to a SSL issue. The site is encrypted with a self-signed certificate.

4) It's announced that from iOS 11 there is a behaviour change that self-signed certificates are no longer trusted (or be prompted to the user). Stricter requirements also applied to apps.

5) I have manually installed the certificates Gemalto used to encrypt that protal and in Safari I can get connected. But I cannot change the certificate trust settings for the Watch app. If you have insider access/debug capabilities can you check this up?

I understand that this is rather complicated but please check if other users running iOS 11.4 above on Smartone is having similar issues. This may require some end-to-end testing between Apple, Smartone and Gemalto together and I am happy to provide help.

Of course that's my initial guess and please do not let this misled your investigations. Let me know if you need anything else or have any new findings.

Many thanks