HTTPS certificate requirements

To enroll a mobile device in ESET Mobile Device Connector, ensure that the HTTPS server returns the full certificate chain.

For the certificate to work properly, these requirements must be met:

The HTTPS certificate (pkcs#12/pfx container) must contain the full certificate chain, including the root CA.

The certificate must be valid during the required time (valid from / valid to).

The CommonName or subjectAltNames must match the MDM hostname.

 

note

Note

If the MDM hostname is hostname.mdm.domain.com, for example, your certificate can contain names like:

hostname.mdm.domain.com

*.mdm.domain.com

But not names like :

*

*.com

*.domain.com

Basically, the " * " cannot be used to replace the "dot". This behavior is confirmed for the way the iOS accepts the certificates for MDM.

note

Note

Note that some devices take their current timezone into consideration when checking the certificate validity, and other devices don’t. Avoid potential problems by giving the certificate validity a day or two before the current date.