Sista 0 Posted April 11, 2020 Share Posted April 11, 2020 Hello, i have an ESMC VA ver 7.1 with 3rd HTTPS certificate and all is working perfectly. Now I installed a MDM Connector VA latest version and I use the same 3rd HTTPS certificate in the setup screen, and if I reach https://mdm.xxxx.it:9980 the certificate is ok. The problem is that I see and alert for the MDM VA says: HTTPS certificate chain is incomplete. Enrollment is not allowed But the chain is complete. Please were I was wrong? Thank you Andrea Link to comment Share on other sites More sharing options...
Sista 0 Posted April 11, 2020 Author Share Posted April 11, 2020 Some update, if I generate a new certificate for Mobile Device Connector and then apply it to the mdm server via Policy I don't see any error in the ESMC but when I connect to https://mdm.xxxxxx.it:9980 I see certificate warning because it was generated from the interal CA and the mbiel phone can connect to ESMC. If I try to use a valid certificate from public CA in the Policy it doesn't apply with the error: MDM policy contains invalid https certificate. The old certificate is still being used Some one can explain me? Thank you Andrea Link to comment Share on other sites More sharing options...
ESET Staff Mirek S. 18 Posted April 13, 2020 ESET Staff Share Posted April 13, 2020 Hello, Short answer: Please add root CA of your 3rd party certificate into pkcs#12 which is configured as HTTPS certificate. See for example this thread. Long answer: Certificates provided by 3rd party certification authorities (usually) don't contain root CA as trust is established by system certificate store and certificate and chain provided by HTTPS server. We require root CA in configured pkcs#12 as we establish MDM - device trust during device enrollment - we install root CA onto device. In our wording we note chain even if - only - root CA is missing (as it's impossible to determine whenever chain is complete without root CA, even thought it's not technically correct). HTH, M. Link to comment Share on other sites More sharing options...
Sista 0 Posted April 13, 2020 Author Share Posted April 13, 2020 Hello Mirek, I tried to upload the complete pfx, but the problem was that the file have some kinds of problem, I recreate a new pfx with all the three certificate and now the warning is gone. Now I can connect to https://mdm.xxxx.it:9980 with not problem and I have enroll my first mobile device. Thank you Andrea Link to comment Share on other sites More sharing options...
Recommended Posts