logo


MDM:Certificate invalidated after installing profile


Question By : homaxto

We have a working MDM solution, where enrolling devices and installing profiles works. However since iOS 5 customers have reported that the selfsigned certificate we use is reported as Not Trusted on the devices. Users that had the certificate and profiles installed on iOS 4 reports that is looking correct when they upgrade to iOS 5, as long as they don't re-enroll.

I have been able to reproduce this and taken the following screen dumps.

First I install the needed MDM root certificate. After installing it the root certificate appears to be trusted and looking at the details everything looks correct.

Install profile Profile installed iPhoneCA iPhoneCA details 1 iPhoneCA details 1

The next I do is to install a profile. At first the profile appears verified and I continue to installing it. When the install finishes the profile is no longer verifed and instead it is reported to be unsigned. Generating key Profile installed

Then I go back to the root certificate and now the certificate is no longer trusted. If I click to see the details all information about the certificate is gone.

Not trusted Empty iPhoneCA

When the enrollment has finished we are able to install and delete profiles on the device, however we see these warnings about the certificate not being trusted and the profile being unsigned

Unsigned profile

If I choose to reinstall the root certificate I can do that and I get the details back, a certificate that is reported trusted and a profile that is verified.

I have looked into our SCEP implementation trying to find the problem, but with no luck. Whenever I make changes to what is returned to the device, the device reports to me that what it receives is not valid. This makes me think that what we are sending is actually correct, since the device reports when there is a problem.

Has anyone seen problems like this, or do you have a possible explanation?

Edit

Maybe somebody has an idea about what type the self signed certificate should be? The one used in the screen schots below is x500 v1. If I create a X509 v3 (with extensions or not) the iOS device does not trust it no matter what.

If you are still facing the issue,please check are you using identity.p12 is correct one.The server which you are using that should exist. Please refer MDM_Protocol pdf document, this_page and this very carefully.

MDM Server has to be on https with valid SSL certificate. This is the simple problem of having a self signed ssl certificate.Please use a valid certificate.

server url you have given in the profile is not of valid ssl connection that is the problem it seems. you need to make the server url connection as valid trusted ssl url. As when you install the profile it triggers your server and hence gets an invalid/untrusted server url.


Answer


Answer By : tony blue

If you are still facing the issue,please check are you using identity.p12 is correct one.The server which you are using that should exist. Please refer MDM_Protocol pdf document, this_page and this very carefully.


Answer By : Varun

MDM Server has to be on https with valid SSL certificate. This is the simple problem of having a self signed ssl certificate.Please use a valid certificate.


Answer By : Varun

server url you have given in the profile is not of valid ssl connection that is the problem it seems. you need to make the server url connection as valid trusted ssl url. As when you install the profile it triggers your server and hence gets an invalid/untrusted server url.


Question Network @ 2012 All rights reserved. Privacy policy

Featured sites : View infomation site in showsiteinfo
Powered by Google App Engine