I have been working extensively with the WT6000. A customer has been loading a lot of software with StageNow but not the cert. The cert should get pulled down by the enabler upon first check-in.
Just to verify, are you installing a self-signed cert or a third-party cert? The bulk enrollment software is really only designed for third-party certs. You have to have a PIN if you use a self-signed cert, but not with a third-party cert.
The WT6000 was not pulling a cert from the Avalanche server upon first check-in. The enabler logs indicated a lack of certificate on the device. If I manually install the certificate on the WT6000 through the native Settings application, then the Avalanche Enabler is able to connect to the Avalanche server successfully. The problem with the manual application of the ca.pem cert, besides taking too long for a bulk deployment, is the fact that it also forces you to add a PIN or pattern lock screen on the device. The TC8000, on the other hand, is able to process the ca.pem file through a StageNow deployment and automatically apply it without the need for a PIN or pattern lock screen code. If you try to apply the cert manually on the TC8000, it forces you to set up the lock screen code just like on the WT6000, but StageNow enables you to circumvent that.
Can you clarify this? I'm running into this issue again. I'm not sure if I understand the difference in Certs from an Avalanche perspective. I created a cert using the Certificate Utility:
I then followed the additional directions for placing the cert file(s) in the correct locations:
My device still doesn't seem to be able to pull down the cert from the server and as a result it can't enroll.
If I try to manually Enroll the device, without using the Bulk Enrollment Process I get a pop up message saying "Invalid Certificate - No SSL certificate was found, do you want to install one from server?"
Again, the bulk enrollment process is designed for third-party certs. This means we are using the OS-level cert trust store to validate whether the cert created is legitimate or not. If you push a self-signed cert, the OS requires a PIN to be in place and the bulk enrollment processes cannot handle the steps to connect the device.
If you are still having issues with the cert with manual registration, we may be seeing something blocked or misconfigured. Have you followed the steps here? Install Cert Failed
If you attempt to manually access the enrollment page, does it download the proper cert? https://(host/ip of sds)/mdm should show you the enrollment page and should allow you to manually download the cert.
If you have further issues, we will need to look at logging on the device and SDS.
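The self-signed versus third-party distinction in the reply above can be checked on a workstation before staging. This is an added example, not code from any poster or from Avalanche; it inspects a PEM file with the `openssl` CLI. The sample certificates and names are constructed, and the workstation's default OpenSSL trust store is assumed as a stand-in for the device's OS trust store.

```shell
#!/bin/sh
# Added example. All file names and subject names below are constructed.

# Print "self-signed" when subject and issuer match and the certificate
# verifies with itself as the only trust anchor; otherwise print "ca-issued".
classify_cert() {
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    if [ "$subject" = "$issuer" ] &&
       openssl verify -CAfile "$1" "$1" >/dev/null 2>&1; then
        echo "self-signed"
    else
        echo "ca-issued"
    fi
}

# Succeed only if the certificate chains to a root in this machine's default
# OpenSSL trust store (assumption: a stand-in for the device's OS trust store).
trusted_by_os() {
    openssl verify "$1" >/dev/null 2>&1
}

# Build constructed samples in directory $1: a self-signed server cert, and a
# private test CA that issues a second server cert.
make_samples() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sds.example.test" \
        -keyout "$1/self.key" -out "$1/self.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=sds.example.test" \
        -keyout "$1/leaf.key" -out "$1/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$1/leaf.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
        -CAcreateserial -days 1 -out "$1/leaf.pem" 2>/dev/null
}

dir=$(mktemp -d)
make_samples "$dir"
for f in self.pem leaf.pem; do
    if trusted_by_os "$dir/$f"; then t="trusted"; else t="not trusted"; fi
    echo "$f: $(classify_cert "$dir/$f"), $t by default store"
done
```

Both constructed samples report "not trusted": a cert issued by a private CA fails the default-store check just as a self-signed one does, unless that CA's root is already in the store.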
Thanks for the response Brett!
I think the connection to the server to manually pull down the certificate is working; after manually installing the cert from the server, the registration/enrollment is successful. I just don't like being forced into using a PIN/pattern lock screen on a shared production device. How can I go about creating a third-party cert?
We have this help doc on creating a CSR. You can then go to a third party such as Verisign and purchase a third-party cert: