Jump to content

Archived

This topic is now archived and is closed to further replies.

Sista

Error: HTTPS certificate chain is incomplete. Enrollment is not allowed

Recommended Posts

Hello,

i have an ESMC VA ver 7.1 with 3rd HTTPS certificate and all is working perfectly.

Now I installed a MDM Connector VA latest version and I use the same 3rd HTTPS certificate in the setup screen, and if I reach https://mdm.xxxx.it:9980 the certificate is ok.

The problem is that I see and alert for the MDM VA says:

HTTPS certificate chain is incomplete. Enrollment is not allowed 

But the chain is complete.

 

Please were I was wrong?

 

Thank you
Andrea

Share this post


Link to post
Share on other sites

Some update, if I generate a new certificate for Mobile Device Connector and then apply it to the mdm server via Policy I don't see any error in the ESMC but when I connect to https://mdm.xxxxxx.it:9980 I see certificate warning because it was  generated from the interal CA and the mbiel phone can connect to ESMC.

If I try to use a valid certificate from public CA in the Policy it doesn't apply with the error:

MDM policy contains invalid https certificate. The old certificate is still being used 

 

Some one can explain me?

 

Thank you 

Andrea

Share this post


Link to post
Share on other sites

Hello,

Short answer: Please add root CA of your 3rd party certificate into pkcs#12 which is configured as HTTPS certificate. See for example this thread.

Long answer: Certificates provided by 3rd party certification authorities (usually) don't contain root CA as trust is established by system certificate store and certificate and chain provided by HTTPS server. We require root CA in configured pkcs#12 as we establish MDM - device trust during device enrollment - we install root CA onto device. In our wording we note chain even if - only - root CA is missing (as it's impossible to determine whenever chain is complete without root CA, even thought it's not technically correct).

HTH,

M.

Share this post


Link to post
Share on other sites

Hello Mirek,
I tried to upload the complete pfx, but the problem was that the file have some kinds of problem, I recreate a new pfx with all the three certificate and now the warning is gone.

Now I can connect to https://mdm.xxxx.it:9980 with not problem and I have enroll my first mobile device.

Thank you
Andrea

Share this post


Link to post
Share on other sites

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...