Self Signed Certificate Error during iOS OTA Enrollment

This article shows how to resolve anthe certificate-trust error ifthat can appear when you ~~are~~ manually ~~enrolling~~enroll ~~10.3+~~iOS or iPadOS devices inthrough OTA enrollment while the FileWave ~~with~~Server uses a self-signed certificate.

ItFor isproduction ~~considered~~environments, use a ~~best practise to have a root~~publicly trusted server certificate ~~defined~~when inpossible. If the ~~FileWave>~~server ~~Preferences>~~still ~~Mobile> HTTPS certificate section. In FileWave v12+ it is easy to determine whether you have~~uses a self-signed ~~certificate~~certificate, ~~or not. Simply log into~~confirm the ~~FileWave~~certificate ~~Admin, open the preferences, go to the "Mobile" tab, and you will see~~shown in ~~the~~FileWave Central → Preferences → Mobile → HTTPS ~~section, the following line:~~certificate.

Self-signed HTTPS certificate shown in FileWave preferences

IfAutomated Device Enrollment can still work with this iscertificate ~~the~~state, ~~case,~~but ~~you~~manual ~~will~~OTA ~~still~~enrollment bemay ~~able~~fail ~~to enroll iOS 10.3+ devices through DEP. But if~~until the device ~~is iOS 10.3+ and you try a manual web enrollment (OTA), you will get~~trusts the ~~following~~installed ~~error.~~root certificate.

iOS enrollment error caused by an untrusted self-signed certificate

If you ~~choose~~keep ~~to retain your~~the self-signed certificate, ~~you will have to~~ use the steps below ~~to resolve~~on the ~~error.~~device ~~Alternatively,~~before ~~you~~starting ~~can~~the ~~purchase~~enrollment step. Replacing the self-signed certificate with a ~~root trusted certificate, and you will not encounter this issue. Again, it is highly recommended that you purchase a root~~publicly trusted certificate ~~(can include a wildcard) so that you don't have to work around~~avoids this manual trust ~~issue, as described below.~~ workflow.

Steps to Resolveresolve (ifwhen you choose to keepkeeping a self self-signed certificate in place)

~~Navigate to~~Open the ~~your~~ manual enrollment ~~address:~~address on the device: https://your.fw.server.DNS.here:20443/ios
~~Select:~~Select "Step 1 - Install ~~Certificate"~~Certificate.
~~Once you have selected step one,~~Follow the device ~~will ask you~~prompts to ~~Install~~install the ~~cert,~~certificate. goTap Install through ~~those~~the ~~three~~prompts, ~~prompts~~then bytap ~~hitting Install each time and finally Done.~~Done.
After the certificate ~~has been~~is installed, open the ~~"Settings"~~Settings ~~app on the iOS device.~~app. Do not start Step 2 ~~(This~~- ~~will~~Enroll ~~prompt~~Device yet, because the ~~error).~~device has not trusted the certificate.
Go ~~into~~to General =>→ About.
At the bottom of ~~the "About" section,~~About, tap ~~the sub section called "~~Certificate Trust ~~Settings"~~Settings.
~~You~~Under ~~will see an option called~~ ENABLE FULL TRUST FOR ROOT CERTIFICATES

, ~~Toggle~~enable ~~that option~~trust for ~~your~~the newly installed ~~certificate~~

certificate.

iOS Certificate Trust Settings for the installed root certificate

~~Now go back~~Return to the manual enrollment page and ~~finish the steps~~continue with "Step 2 - Enroll ~~Device"~~Device.