Device Enrollment works for desktop but fails for iOS devices
-
14-04-2021 - |
Question
I've been doing a ton of reading, and even found this question ( Device enrollment fails, error: server certificate is invalid ) and followed the instructions.
- I first installed my Godaddy certificate in my Server.app
- Then I enabled Wiki and Profile Manager, configuring the certificate and all that jazz.
When the invalid certificate error came up, I did some digging, and found the above thread.
- I went and installed the intermediary certificate but didn't bother replacing the gd certificate, since it was already installed.
- I rebooted the server for safe measure, and tried again.
Problem is, I'm still getting the same darn error... what could be up?
FYI: Here's the article regarding installing certs from Godaddy.
Solution 2
Interesting Story.
I went into server certificates, created an unsigned certificate... enabled it and attached it to the Profile Manager. Tried to enroll, and FAILED.
Then I went back into server certificated, re-installed the signed Godaddy certificate... enabled it and attached it to the Profile Manager. This time, enrollment PASSED.
So freaking strange.
OTHER TIPS
to allow the enrollment, I went to the Hardware and then select settings tab. there I went to custom SSL and then make sure that the certificate that was recognized by apple is selected for the web then it work...
In general, I am doing a two step enrollment:
- From https://server.local/mydevices select Profiles and then install the Trust Profile
- Select Devices and then Enroll
I do make sure that DNS is running on the OSX server and only have two zones for the server IP itself and a forwarder to your preferred DNS server. Also, this works with unsigned certificates loaded, so you should be able to know fairly quickly that it's a DNS issue where the cert and the server are not matching if things work when you install the trust profile first.