Jump to content

Christian Stück

  • Content Count

  • Joined

  • Last visited

Profile Information

  • Location

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Christian Stück

    MDM APNS Certificate validation

    Hello Forum, after some work i got my first iPhone registered at mdm 😄 But it only connects once and i get the error "APNS service certificate validation failed" I allready checked kb for mdm troubleshooting and investigated root certs: grep Entrust /etc/pki/tls/certs/ca-bundle.crt # Entrust Root Certification Authority # Entrust Root Certification Authority - G3 # Entrust.net Certification Authority (2048) # Entrust Root Certification Authority - EC1 # Entrust Root Certification Authority - G2 i tried openssl: openssl s_client -connect gateway.push.apple.com:2195 [...] SSL handshake has read 4066 bytes and written 338 bytes --- New, TLSv1/SSLv3, Cipher is DES-CBC3-SHA Server public key is 2048 bit Secure Renegotiation IS supported Compression: NONE Expansion: NONE No ALPN negotiated SSL-Session: Protocol : TLSv1.2 Cipher : DES-CBC3-SHA Session-ID: Session-ID-ctx: Master-Key: 3CE83A11424D2666E442824A8DE22C3576CB941119068687B2DD39BF337980B5F4D795D179454AC9F669437536654E7B Key-Arg : None Krb5 Principal: None PSK identity: None PSK identity hint: None Start Time: 1544112439 Timeout : 300 (sec) Verify return code: 0 (ok) --- i'm after this for a few hours now - maybe someone has some ideas for me? i was thinking about my firewall but no outgoing traffic is blocked at all. Thanks in advance! Christian
  2. Christian Stück

    MDM Peer Certificate Problem

    i think i figured it out. i changed multiple things, so i don't know which one did it: - set server to advanced security (for ios12) - generated a new proxy-cert without a passphrase and with * as servername - works.
  3. Christian Stück

    MDM Peer Certificate Problem

    Hello ESET, i have an issue with MDM and peer certificates (not https): Agent on MDM (based on VA) is replicating to ESMC-Server. MDMCore is not replicating, gets "SSL Error" MDMCore is using a proxy certificate provided by ESMC-Server. At first i should say that i created a new CA and server/agent-certificates after installation of ESMC and configured the new server-cert in server-settings. Everything is running fine except MDM. While installing MDM with webconsole-connection it got a proxy-certificate from old CA. I tried to change this (unneccessarily while hunting other errors) and in the end revoked all certificates by old CA and deleted the old CA (maybe not clever). I reinstalled MDM-VA with base64-certificates exported from ESMC. Is there any component in the ESMC that may still use a certificate provided by the old CA? How can i deploy a valid certificate to MDM? Thanks in advance! Christian