HTTPS certificate requirements

To enroll a mobile device in ESET Mobile Device Connector, ensure that the HTTPS server returns the full certificate chain.

For the certificate to work properly, these requirements must be met:

The HTTPS certificate (pkcs#12/pfx container) must contain the full certificate chain.

if the certificate is self-signed it must also contain root of the certification authority (CA)

if the certificate is signed by a third-party ,which is included in trusted root CA on devices and server it is not required  to contain the root CA .

for windows installations, the MDM is unable to send certificate chain automatically -  follow these steps to send the certification chain. (Not required if certificate represents self-signed root CA)

the certificate must be valid during the required time (valid from / valid to)

the CommonName or subjectAltNames must match the MDM hostname


validation-status-icon-infoNOTE:  If the MDM hostname is , for example, your certificate can contain names like:


But not names like :




Basically, the " * " cannot replace the "dot" part.  This behavior is confirmed for the way the iOS accepts the certificates for MDM.