ESET Online Help

Search English
Select the category
Select the topic

HTTPS certificate requirements

To enroll a mobile device in ESET Mobile Device Connector, ensure that the HTTPS server returns the full certificate chain.

For the certificate to work properly, these requirements must be met:

The HTTPS certificate (pkcs#12/pfx container) must contain the full certificate chain, including the root CA.

The certificate must be valid during the required time (valid from / valid to).

The CommonName or subjectAltNames must match the MDM hostname.


If the MDM hostname is, for example, your certificate can contain names like:


But not names like:




Basically, the " * " cannot be used to replace the "dot". This behavior is confirmed for the way the iOS accepts the certificates for MDM.


Note that some devices take their current time zone into consideration when checking the certificate validity, and other devices don’t. Avoid potential problems by giving the certificate validity a day or two before the current date.