Jump to content
MATAIS

MDM https requirements

Recommended Posts

Hello,

I want to use my wildcard certificat that looks like *.my-domain.com (it does not contain the CommonName or subjectAltNames matching the MDM hostname)  for enrollment devices process,

But when i read the requirements here https://help.eset.com/era_install/65/en-US/certificate_mdm_https_requirements.html,

the CommonName or subjectAltNames must match the MDM hostname
 validation-status-icon-infoNOTE:  If the MDM hostname is , for example hostname.mdm.domain.com, your certificate can contain names like:
•hostname.mdm.domain.com
•*.mdm.domain.com
But not names like :
•*
•*.com
•*.domain.com
 

I think my wildcard it's not supported ?

Best regards,

Share this post


Link to post
Share on other sites

Hello,

Those requirements are there mainly because iOS devices as we use built-in iOS. What iOS devices accept as trusted differs per iOS version and we described _most_ restrictive rules which should work always. (There are other requirements like RSA2048+, SHA256+ etc... for iOS described elsewhere in documentation)

So in the end Your certificate may work (it will definitely work for Android devices), however when Apple brings some update to their trust validation it might stop working.

HTH,

M.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...