HTTPS certificate requirements

To enroll a mobile device in ESET Mobile Device Connector, ensure that the HTTPS server returns the full certificate chain.

For the certificate to work properly, these requirements must be met:

The HTTPS certificate (pkcs#12/pfx container) must contain the full certificate chain, including the root CA.

The certificate must be valid during the required time (valid from / valid to).

The CommonName or subjectAltNames must match the MDM hostname.

 

details_hoverNOTE

If the MDM hostname is hostname.mdm.domain.com, for example, your certificate can contain names like:

hostname.mdm.domain.com

*.mdm.domain.com

But not names like :

*

*.com

*.domain.com

Basically, you cannot use the " * " symbol to replace the "dot". This behavior is confirmed for the way the iOS accepts the certificates for MDM.

details_hoverNOTE

Some devices take their current timezone into consideration when checking the certificate validity, and other devices do not. Avoid potential problems by giving the certificate validity a day or two before the current date.