Self Signed Certificate with Load Balancer for iOS

Former Member
0 Kudos

Hello Folks,

We have Afaria 7 SP4 in our landscape. We are able to enroll iOS devices via Relay Server using the Self Signed SSL approach. But we want the devices to connect to the Load Balancer, and the Load Balancer would be the first point of contact for the devices.

However, when we enable the Load Balancer and try to connect an iOS device via the Load Balancer, it won't work. The Android devices work perfectly fine with the Load Balancer.

As the approach works with Relay Server, the issue exists with the integration between Relay Server and Load Balancer. We ensured to create Self Signed Certificate from the load balancer and signed by the CA. In addition, we also deployed this certificate during enrollment server installation.

Relay Server IP: 185.7.39.75

Load Balancer IP: 185.7.39.213

The error we see in iPCU logs is as follows:

(Error) MC: Connection to https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC... failed with error: NSError:

Desc   : The server certificate for https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC... is invalid.

US Desc: The server certificate for https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC... is invalid.

Domain : MCHTTPTransactionErrorDomain

Code   : 23002

Type   : MCFatalError

Params : (

"https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC..."

)

Desc   : The server certificate for https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC... is invalid.

US Desc: The server certificate for https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC... is invalid.

Domain : MCHTTPTransactionErrorDomain

Code   : 23002

Type   : MCFatalError

Params : (

"https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC..."

)

Desc   : The payload mdm-c1d0a1d7889176c25653f3c268a0f8c8b2947056 could not be installed.

Sugg   : The server certificate for https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC... is invalid.

US Desc: The payload mdm-c1d0a1d7889176c25653f3c268a0f8c8b2947056 could not be installed.

US Sugg: The server certificate for https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC... is invalid.

Domain : MCInstallationErrorDomain

Code   : 4001

Type   : MCFatalError

Params : (

"mdm-c1d0a1d7889176c25653f3c268a0f8c8b2947056"

)

...Underlying error:

NSError:

Desc   : The server certificate for https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC... is invalid.

US Desc: The server certificate for https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC... is invalid.

Domain : MCHTTPTransactionErrorDomain

Code   : 23002

Type   : MCFatalError

Params : (

"https://185.7.39.75:443/ias_relay_server/client/rs_client.dll/afaria7pro/aips2/aipService.svc/TokenC..."

)

NSError:

Desc   : The profile Config Payload could not be installed.

Sugg   : The payload mdm-c1d0a1d7889176c25653f3c268a0f8c8b2947056 could not be installed.

US Desc: The profile Config Payload could not be installed.

US Sugg: The payload mdm-c1d0a1d7889176c25653f3c268a0f8c8b2947056 could not be installed.

Domain : MCProfileErrorDomain

Code   : 1009

Type   : MCFatalError

Params : (

"Config Payload"

)

We would be glad if anyone can help us with this issue.

Thank you!

Accepted Solutions (0)

Answers (1)

Former Member
0 Kudos

Hi,

Please clarify.

Is the SSL certificate on the load balancer a self-signed certificate or a third-party certificate?

Point to check:

1. When you created a certificate from the load balancer, did you add that certificate to the iPhone server?

If not, then:

1. Install the certificate created from load balancer on Afaria server Certificate Authority personal.

2. Run the IPhone server setup file again

3. At the time of process of installation of iphone server you need to select the certificate for 443 port.

4. Complete the process of installation.

5. Create new enrollment code and test

Former Member
0 Kudos

Hi,

Thanks for your response.

SSL on load balancer is a Self Signed Certificate.

Of course, this certificate is added to the Enrollment Server Personal Certificates.

Former Member
0 Kudos

Hi ,

After adding it to the personal certificates, did you run the setup file of the iPhone server again and select this certificate for port 443?

Former Member
0 Kudos

Yes. We did this.

Former Member
0 Kudos

Hi,

Try opening the load balancer URL on the device directly; it should open directly without the error "do you want to continue with this site".

Can you post the enrollment code URL?

Former Member
0 Kudos

Here is the web url of the load balancer:

https://185.7.39.213/

I will send you the enrollment code url shortly.

Former Member
0 Kudos

Hi,

I get the message prompt " Do you want to continue" .. when I do for both Relay Server and Load Balancer. This message is natural as it is a https and a self signed certificate.

I get this message when I do for Relay Server.. I didn't understand the significance of this.

Former Member
0 Kudos

Hi,

With the "do you want to continue" error, this problem occurs many times; that's the reason it's always suggested to go with a third-party SSL certificate.

Anyway, from what I can see of the enrollment URL, it starts with an IP address and not with the DNS name?

Is the common name of the SSL certificate an IP address or an FQDN?

Also, the enrollment URL is http, not https?

Former Member
0 Kudos

The common name of SSL certificate is IP address.

Enrollment URL is HTTP because HTTP(S) is not enabled for Relay Server (indirect access) and that is acceptable.

Former Member
0 Kudos

Hi,

For Android, it can work with HTTP and HTTPS.

For iOS 5 and above devices, SSL is a mandatory requirement; it requires an HTTPS connection.

You can create an enrollment code for iOS with HTTP, but as part of the process it will auto-redirect to HTTPS.

Former Member
0 Kudos

Hi,

We are aware of it. For iOS, SSL is needed for payload transfer.

Do you have any inputs for the load balancer issue ?

Former Member
0 Kudos

Hi,

For the load balancer issue, you can refer to the knowledge base on frontline.sybase.com:

KB: 5804

KB: 7768

KB: 3795

KB: 5526

KB: 5327

Former Member
0 Kudos

Hi,

Thanks for your response. We have already gone through the KBs mentioned here.

Former Member
0 Kudos

Folks,

If anyone is aware of this issue, please let me know.

Much appreciated!

Former Member
0 Kudos

Hi,

I can suggest you check with a third-party SSL certificate.
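
An added example, not part of the original thread or of Afaria: the iPCU log shows the device contacting 185.7.39.75, and RFC 2818 section 3.1 requires a matching iPAddress subjectAltName when the URL uses an IP address. The sketch below pulls the failing hosts out of such a log and checks them against the names in a certificate. The certificate contents (`ASSUMED_CERT`) and the shortened log lines are constructed assumptions, since the thread does not show the certificate.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample: two lines in the shape of the iPCU log quoted in the thread.
SAMPLE_LOG = """\
(Error) MC: Connection to https://185.7.39.75:443/ias_relay_server/client/rs_client.dll failed with error: NSError:
Desc   : The server certificate for https://185.7.39.75:443/ias_relay_server/client/rs_client.dll is invalid.
"""

# Assumption: the thread says only that the CN is an IP address; which one is a guess.
# Layout is the dict that ssl.SSLSocket.getpeercert() returns.
ASSUMED_CERT = {"subject": ((("commonName", "185.7.39.213"),),), "subjectAltName": ()}

def hosts_with_cert_errors(log_text):
    """Hosts for which the device logged an invalid server certificate."""
    urls = re.findall(r"server certificate for (https://\S+) is invalid", log_text)
    return {urlsplit(u).hostname for u in urls}

def names_in_cert(cert):
    """Return (dNSName SANs, iPAddress SANs, commonNames) from the cert dict."""
    san = cert.get("subjectAltName", ())
    dns = [v.lower() for k, v in san if k == "DNS"]
    ips = [ipaddress.ip_address(v) for k, v in san if k == "IP Address"]
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return dns, ips, cns

def check_host(host, cert):
    """Apply the RFC 2818 section 3.1 identity rules (exact match, no wildcards)."""
    dns, ips, cns = names_in_cert(cert)
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return "ok: dNSName SAN matches" if host.lower() in dns else \
            "mismatch: certificate does not name this host"
    if ip in ips:
        return "ok: iPAddress SAN matches"
    if host in cns:
        return "weak: IP only in commonName, no iPAddress SAN"
    return "mismatch: certificate does not name this IP"

def diagnose(log_text, cert):
    """Map each failing host from the log to a verdict for the given certificate."""
    return {h: check_host(h, cert) for h in sorted(hosts_with_cert_errors(log_text))}

if __name__ == "__main__":
    for host, verdict in diagnose(SAMPLE_LOG, ASSUMED_CERT).items():
        print(host, "->", verdict)
```

To run it against a live endpoint, replace `ASSUMED_CERT` with the dict returned by `getpeercert()` on a verified connection; name matching is only one of the checks a client performs, alongside chain trust and validity dates.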