6 Replies Latest reply on Aug 6, 2012 1:22 PM by jbataller

    iOS5 and Certificates

    dbozic Rookie

      Hi folks,

      I am working since quite a while to get MDM working in our environment, but it seems that there is quite a certificate issue that relates to our root certificate (from CACert) and maybe (most likely) the MDMSecure Certificate. We have a some bit of strange behaviour concerning iOS4 & iOS 5 devices. On iOS4 we have the complete functionality (Agent & Portal) whereas Profiles are not getting installed on iOS5 devices (Portal works perfectly). The root certificate (from CACert) never gets accepted (on iOS5), and seems to be a known bug (http://bugs.cacert.org/view.php?id=540) .  Taking a closer look at http://support.apple.com/kb/HT4999 it is described, that certificates with MD5 hashes are not any more supported (since iOS5). Regrettably MDMSecure seems to use a MD5 hash. I would be happy if LANDesk people could comment on this point.


      Thanks a lot folks


        • 1. Re: iOS5 and Certificates




          I do not know the answer to your question but I moved your thread to the specific section of the community.



          • 2. Re: iOS5 and Certificates
            pacificmags Rookie

            Hi all,

            Seem to be having a similar issue. I dont have any iOS 4 devices to test on but i do know that on iOS 5 devices we are not seeing policies being pushed down to device if they are assigned via mapping to an AD group.


            The only way payloads come down is if they are configured in the global "enrollment profile".


            I can get the MDM secure cert installed only via the global enrollment configuration. You could try to do it this way.


            If i try to install this via  a Policy linked to  an AD group the cert will not install correctly.


            Regardless of how i install the MDM secure cert policies applied to a group will not load on the device.



            • 3. Re: iOS5 and Certificates
              1EarEngineer Specialist


              Not exactly sure as to what you need to do, however I will say that we do have issues sometimes getting the profiles to pull down when registering the device with the Agent. Sometimes we have to reset the agent on the device a few times and then it pulls down.


              To address Pacific's post, we have ours tied to the AD groups and it is working fine in terms of payloads and such. The only snafu we run into is having to re-enroll a device from time to time during setup

              • 4. Re: iOS5 and Certificates

                Hi,  i have experienced a similar issue and it was down to how i enrolled a device.  you need to put the username is the following way "domain\user.name" if you just put in "user.name" the device will enroll, but no policies with the exception of the enrollment policy will hit the device.


                This only seems to affect iOS devices as the Android client has a specific field for the domain.

                • 5. Re: iOS5 and Certificates
                  pacificmags Rookie

                  Yes the domain\username entry also ensured our profiles deployed via AD groups were pushed down also.

                  • 6. Re: iOS5 and Certificates
                    jbataller Apprentice


                    I'hav similar probleme, whitout policie applyed,


                    if you hav this message witch you double-clic on you domain (in Users admin) (unable to obtain DNS hostname of active Directory domain controller withobject name ..., apply this procedure on the Domain controller mentionned (Resolve 2)



                    for us, all policies are directly appliqued after this procedure


                    error DC.jpg