Self Signed Certificate Error during iOS OTA Enrollment
This article shows how to resolve an error if you are manually enrolling 10.3+ devices in FileWave with a self-signed certificate.
It is considered a best practise to have a root trusted certificate defined in the FileWave> Preferences> Mobile> HTTPS certificate section. In FileWave v12+ it is easy to determine whether you have a self-signed certificate or not. Simply log into the FileWave Admin, open the preferences, go to the "Mobile" tab, and you will see in the HTTPS section, the following line:
If this is the case, you will still be able to enroll iOS 10.3+ devices through DEP. But if the device is iOS 10.3+ and you try a manual web enrollment (OTA), you will get the following error.
If you choose to retain your self-signed certificate, you will have to use the steps below to resolve the error. Alternatively, you can purchase a root trusted certificate, and you will not encounter this issue. Again, it is highly recommended that you purchase a root trusted certificate (can include a wildcard) so that you don't have to work around this trust issue, as described below.
Steps to Resolve (if you choose to keep a self signed certificate in place)
- Navigate to the your manual enrollment address: https://your.fw.server.DNS.here:20443/ios
- Select: "Step 1 - Install Certificate"
- Once you have selected step one, the device will ask you to Install the cert, go through those three prompts by hitting Install each time and finally Done.
- After the certificate has been installed, open the "Settings" app on the iOS device. Do not start Step 2 (This will prompt the error).
- Go into General => About
- At the bottom of the "About" section, tap the sub section called "Certificate Trust Settings"
- You will see an option called ENABLE FULL TRUST FOR ROOT CERTIFICATES
- Toggle that option for your newly installed certificate
Now go back to the manual enrollment page and finish the steps with "Step 2 - Enroll Device".
No Comments