MATAIS 0 Posted June 20, 2019 Share Posted June 20, 2019 Hello, I want to use my wildcard certificat that looks like *.my-domain.com (it does not contain the CommonName or subjectAltNames matching the MDM hostname) for enrollment devices process, But when i read the requirements here : https://help.eset.com/era_install/65/en-US/certificate_mdm_https_requirements.html, the CommonName or subjectAltNames must match the MDM hostname validation-status-icon-infoNOTE: If the MDM hostname is , for example hostname.mdm.domain.com, your certificate can contain names like: •hostname.mdm.domain.com •*.mdm.domain.com But not names like : •* •*.com •*.domain.com I think my wildcard it's not supported ? Best regards, Link to comment Share on other sites More sharing options...
MATAIS 0 Posted June 23, 2019 Author Share Posted June 23, 2019 up Link to comment Share on other sites More sharing options...
ESET Staff Mirek S. 18 Posted June 24, 2019 ESET Staff Share Posted June 24, 2019 Hello, Those requirements are there mainly because iOS devices as we use built-in iOS. What iOS devices accept as trusted differs per iOS version and we described _most_ restrictive rules which should work always. (There are other requirements like RSA2048+, SHA256+ etc... for iOS described elsewhere in documentation) So in the end Your certificate may work (it will definitely work for Android devices), however when Apple brings some update to their trust validation it might stop working. HTH, M. Peter Randziak 1 Link to comment Share on other sites More sharing options...
Recommended Posts