User profile for user: eric_monceaux
eric_monceaux Author
User level: Level 1
0 points

MobileIron Profile for iPad

Hello,


Let's start with the need. My company is about to deploy MobileIron on iPads provided to a specific Sales division. However, when doing testing of the installation process of MobileIron, it is quite easy for the rep to cancel out of the process and skip the installation of the security profiles.


My goal is to create a MDM payload in the iPhone Configuration utility that isn't able to be removed, however, whenever I enter the required information, the profile will not install through USB (using the device and ICU directly) and when emailed, I receive an Invalid Profile message. I am not sure what I am doing wrong. Here is a basic example of what I have configured: (please note these are not the actual URLs...for security)


Server URL:

https://0000-0000.mobileiron.com


Check In URL:

https://0000-0000.mobileiron.com


Topic:

MobileIron


Identity:

Add Credentials in the Credentials payload


Check Out when Removed

(checked)


One theory I have is it is because I have not configured the credentials payload. Am I required to configure a Local CA or CSR in order for the MDM to be valid?

iPad, Windows XP Pro

Posted on Oct 17, 2011 12:40 PM

Reply
3 replies
User profile for user: Edward Kelley
Edward Kelley
User level: Level 1
10 points

Oct 17, 2011 12:53 PM in response to eric_monceaux

If your payload/profile includes certificates that are not trusted on the device (ie. SSL certiificates that are signed by an unkonwn CA or intermediate authority), installation may fail.


You should be able to get around untrusted certs by configuring the "Credential" payload in the iPhone Configuration Utility to include any intermediate/CA certs that are necessary for the client device to trust your certificates.

Reply
User profile for user: eric_monceaux
eric_monceaux Author
User level: Level 1
0 points

Oct 17, 2011 1:34 PM in response to Edward Kelley

When I click on the Credentials section, I then click on Configure. Once I do that, I get a long list of certificates from my Personal Certificate Store. I have scrolled through them (there are more than 100) I did locate the MobileIron certificate I generated from the System Interface page. I accomplished creating the certificate by generating a Self-Signed Certificate.


I am not sure if I need to create a SSC for all THREE certificates listed:

Portal HTTPS

Client TLS

iOS Enrollment.

Reply
User profile for user: Edward Kelley
Edward Kelley
User level: Level 1
10 points

Oct 17, 2011 2:06 PM in response to eric_monceaux

When you're looking at those certificates in the Credential payload, it should show you the certificate's trust settings (describing whether or not it's trusted). What do those certificates show? Are they showing "This root certificate is not trusted", or "This certificate was signed by an unknown authority", or "This certificate is valid"? I've attached an image to this discussion that shows a valid certificate in the Credential payload:


User uploaded file


You've mentioned that you're including more than 100 certificates in the "Credential' payload? Would it be possible for you to slim that list down a bit, and maybe only include the 3 that you say are necessary for the MDM deployment? This may help to isolate whether or not that particular payload is causing your problems.


It might be easier to configure a single enrollment profile that you can use for deployment of MDM, and then use your MDM solution to push profiles to devices after enrollment (including service configurations, and additional credential payload items).

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

MobileIron Profile for iPad

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up