Have the Server set up after trials and tribulations with passwords. Got VPN working on a client laptop. Have Profiles Manager set up but can't seem to enroll client devices. The client devices can't access the web interface (https:XXXXXXX.XXX/mydevices). Won't load because of SSL. Does anyone know how to fix this or another way to enroll devices?
What is the exact error that Safari (or other web browser) is giving you when you attempt to access https://my.server.ip.address/mydevices? Is it complaining that the certificate used for the SSL connection is not trusted (because you have not installed the trust profile available at that address)?
Or is the device enrollment step complaining that the SSL certificate is invalid and enrollment is failing? If this is the case, have you installed the trust profile that will add your server's certificate as a trusted certificate to the client machine?
"SSL connection error
Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have."
I thought you had to enroll devices through the web interface, where you acquire the certificates. Obviously, I can't go that route unless I can log in--unless there's another way to do this.
Also quirky: downloaded server software on same client laptop but won't accept password, even though same password allows me in on host machine.
Yes, you can only enroll devices through the web interface (for the most part. You can add placeholder machines in Profile Manager).
Before you tried to enroll the device, did you install the trust profile first? I had an issue when I tried device enrollment that the OS will not enroll the device unless the server's certificate is trusted. Have you tried installing the trust profile (from https://my.server.ip.address/mydevices) before enrolling the device? The trust profile will make the server's certificate trusted on the machine, and you should not have a SSL connection error anymore.
When I call up the web address (https://MYSERVER/mydevices) it gives me the error message above and doesn't allow me into the web interface that is the conduit to install the trust profile. Unless there's another way to install the trust profile.
Are you trying to download the profile and enroll from a restricted user on the client? I remember in the past that error can be associated with Parential Controls trying to restrict websites, but it affected almost all the HTTPS websites. Just to be clear, it is not the warning message like the one below?
You could log into the server, access the mydevices page from the server (which the server should trust its own certificate if set up through Server.app), download the trust profile and either install it on local machines via email, network share, or USB flash drive.
Here is the error message. I will try your suggestion of installing trust certificate on client machine first and see if I can then sign in.
I found the correct trust certificate pertaining to device enrollment and transfered to my client laptop. It wouldn't let me install:
So to sum up:
1. I have installed Server software on host computer and client computer.
2. Was able to get VPN operating correctly on client computer and a second client iPad.
3. Am unable to sign into Server software on client computer.
4. Am unable to access server domain from any outside computer or iPad.
Are you trying to download the profile and enroll from a restricted user (ie, Parental Controls enabled) on the client? When I try using Chrome from a restricted user with automatic web filtering, I get popups saying that Chrome tried to access a secure site that was blocked (something with parental controls messes up secure connections), and then got that error message in Chrome. If I add https://my.server.domain/ to the allowed list (which Chrome offers to do), then i am taken to a page that says it is not a trusted certificate with a deep red background.
If I try with Safari, I just get the standard "Safari cannot verify the certificate" and when I tell Safari to continue, everything is fine. I did have issues when I tried to enroll the devices from the restricted user (I was using Guest User with Parental Controls enabled). I would recommend trying to download the trust profile and enroll from an admin account on the machine you are wanting to manage (you need the admin credentials anyway).
Not using parental controls. Also tried to enroll the trust certificate pertaining to device enrollment on my host computer. Wouldn't install, showing same error message as shown in previous posts.
Can't enroll devices....
