Skip to main content

ESMC MDM 7.2 management for iOS devices no longer supports IP based certificates - Kennisbank / Legacy / ESET Security Management Center / Mobile Device Management - ESET Tech Center

ESMC MDM 7.2 management for iOS devices no longer supports IP based certificates

Authors list

Issue

  • ESMC MDM 7.2 management for iOS devices no longer supports IP based certificates 
iOS Issue Only

This issue does not affect Android-only mobile device management (MDM). 

For Android-only management, disable the Send iOS related application statuses setting in the ESET Mobile Device Connector Policy.

Details

Due to Apple certificate requirements for iOS management certificate, as of ESMC MDM 7.2, it is no longer possible to use IP based certificate for iOS management.

Upgrade MDM component to the latest version

To ensure your MDM component continues to function properly, we recommend you upgrade to ESMC version 7.2.11.3 by November 1, 2020. Click here for more information on the Apple Push Notification service (APNs) policy

Solution

Before upgrading to ESMC MDM to version 7.2

Verify that your MDM HTTPS certificate is not IP-based (certificate is not issued to the IP address of the MDM server).

Verify that your MDM HTTPS certificate meets the Apple certificate requirements

If your MDM HTTPS certificate does not meet the requirements described above, you will first need to obtain a certificate that meets the Apple certificate requirements, and then continue with a manual uninstallation of your ESMC MDM and then installation of ESMC MDM version 7.2.

If both of these requirements are confirmed, continue by uninstalling your ESMC MDM using the following instructions:


    1. Start by uninstalling your ESMC MDM component.

    2. During the uninstallation process select the option to keep the database.

    3. When the uninstallation process is finished you can install the new ESMC MDM 7.2 and connect to your existing database.

    4. Download the standalone installer for ESMC MDM 7.2 from the ESET download website.
      NOTE:

      If your MDM is running on MDM Virtual Appliance, you need to download ESMC MDM VA version 7.2 and continue from step 6.

    5. Execute the installer on the machine that was is running your ESMC MDM.

    6. During the installation procedure, change the MDM Hostname to a DNS entry of the machine that was running the ESMC MDM. (This DNS entry must match the address the certificate is issued for).

    7. In the HTTPS certificate field, enter the new certificate you acquired.

    8. Continue by connection to your existing MDM database.

    9. Finish the installation process.

    10. Restart the MDM server.
    11. Open ESET Security Management Web Console (ESMC Web Console) in your web browser and log in.

    12. Navigate to PoliciesESET Mobile Device Connector and select your existing ESET MDM policy.

    13. Select Edit on your existing MDC policy, and change the current HTTPS certificate to the new one you used during the installation process. Set the Force certificate change on the date to your current date.

    14. Select Force from the settings flag and click Finish.

    15. Navigate to the Computers screen.

    16. Re-enroll all your mobile devices.

    17. Navigate to Mobile Devices Dynamic group.

    18. Click the check box next to Select All.

    19. Navigate to Actions → Mobile → Re-enrollMultiple devices via email.

    20. Once all the devices are re-enrolled, continue the mobile device management as usual.


If you have already upgraded to ESMC MDM 7.2 and your mobile devices are not connecting

Verify that your MDM HTTPS certificate is not IP-based (certificate is not issued to the IP address of the MDM server).

Verify that your MDM HTTPS certificate meets the Apple certificate requirements

If both of these are confirmed and your mobile devices are still not connecting, contact ESET Customer support.

If your MDM HTTPS certificate does not meet the requirements described above, you will first need to obtain a certificate that meets the Apple certificate requirements, and then continue with a manual uninstallation od your ESMC MDM and then installation of ESMC MDM 7.2.

  1. Start by uninstalling your ESMC MDM component.

  2. During the uninstallation process select the option to keep the database.

  3. When the uninstallation process is finished you can install the new ESMC MDM 7.2 and connect to your existing database.

  4. Download the standalone installer for ESMC MDM 7.2 from the ESET download website.
  5. NOTE:

    If your MDM is running on MDM Virtual Appliance, you need to download ESMC MDM VA version 7.2 and continue from step 7.

  6. Execute the installer on the machine that was running your ESMC MDM.

  7. During the installation procedure, change the MDM Hostname to a DNS entry of the machine that was running the ESMC MDM. (This DNS entry must match the address the certificate is issued for).

  8. In the HTTPS certificate field, enter the new certificate you acquired.

  9. Continue by connection to your existing MDM database.

  10. Finish the installation process.

  11. Restart the MDM server.
  12. Open ESET Security Management Web Console (ESMC Web Console) in your web browser and log in.

  13. Navigate to PoliciesESET Mobile Device Connector and select your existing ESET MDM policy.

  14. Select Edit on your existing MDC policy, and change the current HTTPS certificate to the new one you used during the installation process. Set the Force certificate change on the date to your current date.

  15. Select Force from the settings flag and click Finish.

  16. Navigate to the Computers screen.

  17. Re-enroll all your mobile devices.

  18. Navigate to Mobile Devices Dynamic group.

  19. Click the check box next to Select All.

  20. Navigate to Actions → Mobile → Re-enrollMultiple devices via email.

  21. Once all the devices are re-enrolled, continue the mobile device management as usual.

Add a comment

Please log in or register to submit a comment.

Need a password reminder?