HTTPS certificate requirements
To enroll a mobile device in ESET Mobile Device Connector, ensure that the HTTPS server returns the full certificate chain.
For the certificate to work properly, these requirements must be met:
•The HTTPS certificate (pkcs#12/pfx container) must contain the full certificate chain, including the root CA.
•The certificate must be valid during the required time (valid from / valid to).
•The CommonName or subjectAltNames must match the MDM hostname.
If the MDM hostname is hostname.mdm.domain.com, for example, your certificate can contain names like: •hostname.mdm.domain.com •*.mdm.domain.com But not names like: •* •*.com •*.domain.com Basically, the " * " cannot be used to replace the "dot". This behavior is confirmed for the way the iOS accepts the certificates for MDM. |
Note that some devices take their current time zone into consideration when checking the certificate validity, and other devices don’t. Avoid potential problems by giving the certificate validity a day or two before the current date. |