2 Replies Latest reply on Aug 21, 2012 7:29 AM by shaneg

    SSL Certificates for non domain/non windows machines

    shaneg

      We have recently deployed our MWG7 solution into the enterprise and all is working well for the most part.   On a handful of machines that are not receiving group policy, a manual install of the root CA must be performed to avoid the 'security warnings' on every site that is SSL.

       

      For our windows based clients this is not an issue.  The problem comes into play when we attempt to upload the .cer file to Android based systems, or the .pfx/.p12 file to an Apple based device.   By all accounts the certificate(s) install just fine, but when it comes to SSL traffic the users are still bothered by the untrusted certs popup. 

       

      Am I missing something when it comes to the export/import of this security certificate(s)?

      Thank you for your help!

        • 1. Re: SSL Certificates for non domain/non windows machines
          asabban

          Hello,

           

          for me it sounds like the root certificate you have added to the list of trusted certificates does not work as expected. I am not exactly sure about the process of exporting/importing, but when you import the certificate to your mobile  devices you need to verify that it is imported ad a certificate to sign server certificates for web sites. Additionally it may be required to repeat the import for all browsers installed, at least for Android I know that some browesers may use settings which are independent from the operating systems settings.

           

          Did you try to restart the mobile devices or at least ensures you completely killed the browser and restarted it? On an iPhone a hard reset of Safari is required (at least it was a while ago) to allow new certificates to be recognized.

           

          Maybe you can share some more details about your export/import procedures.

           

          Best,

          Andre

          • 2. Re: SSL Certificates for non domain/non windows machines
            shaneg

            Well it appears that for the most part things have come even keel.  (At least for the Ipad devices)   When you export the certificate file from the server, it exports it into a .cer format which is not necessarily compatible with Ipod out of the box.  I used one of Apples 'config tools' and it was able to 'modify' the certificate in such a way that it was accepted and appears to work.

            Thanks for the reply!
            Shane