Thanks for you reply Quinn. I see in the console logs some statements that indicate that the OS is able to detect that there is a redirect when hitting http://captive.apple.com/hotspot-detect.html. Can I at least detect that with URLSession or a lower level networking API or is it a private API? Also just curious whats the difference between the publicly available webview API vs the full blown API that OS uses that can display the captive network UI?

If they’re issued to the machine then you can’t use the key directly for the reasons I’ve outlined above. By "the reasons outlined above", do you mean that ACME's private key is also stored in SE and that SE cannot be accessed?