Self Signed Certificate Error during iOS OTA Enrollment

This article shows how to resolve the certificate-trust error that can appear when you manually enroll iOS or iPadOS devices through OTA enrollment while the FileWave Server uses a self-signed certificate.

For production environments, use a publicly trusted server certificate when possible. If the server still uses a self-signed certificate, confirm the certificate shown in FileWave Central → Preferences → Mobile → HTTPS certificate.

Automated Device Enrollment can still work with this certificate state, but manual OTA enrollment may fail until the device trusts the installed root certificate.

If you keep the self-signed certificate, use the steps below on the device before starting the enrollment step. Replacing the self-signed certificate with a publicly trusted certificate avoids this manual trust workflow.

Steps to resolve when keeping a self-signed certificate

1. Open the manual enrollment address on the device: https://your.fw.server.DNS.here:20443/ios
2. Select Step 1 - Install Certificate.
   
   
   
   
3. Follow the device prompts to install the certificate. Tap Install through the prompts, then tap Done.
4. After the certificate is installed, open the Settings app. Do not start Step 2 - Enroll Device yet, because the device has not trusted the certificate.
5. Go to General → About.
6. At the bottom of About, tap Certificate Trust Settings.
7. Under ENABLE FULL TRUST FOR ROOT CERTIFICATES, enable trust for the newly installed certificate.

Return to the manual enrollment page and continue with Step 2 - Enroll Device.