Configuration errors: Untrusted server certificate when integrating Endpoint Protection Mobile with a 3rd party MDM
Article ID: 185831
Updated On:
Products
Endpoint Protection Mobile
Issue/Introduction
Setting up the integration with a 3rd party MDM/UEM/EMM provider, the configuration is unable to complete. Investigation in the SEP Mobile MC for the MDM Basic Setup shows that there are configuration errors: Untrusted server certificate.
Cause
SEP Mobile uses https for secure communications with the MDM provider. The untrusted server certificate error occurs when SEP Mobile does not trust the traffic from the MDM provider. There are multiple possible causes for this.
- The certificate is self-signed instead of signed by a reputable 3rd party CA
- The certificate is expired and thus no longer valid
- The certificate chain is incomplete because the server is not presenting 1 or more of the certificates in the signing-chain.
Resolution
First verify that the server name and port provided in the MDM integration basic setup under MC>Setting>Integrations>MDM/UEM/EMM>Basic Setup is correct.
If the information is verified to be correct, certificate errors can be checked for using open source tools such as curl, openssl, or https://www.ssllabs.com/ssltest/index.html
Depending on the identified cause, the solution may be to.
- Get the SSL certificate signed by a reputable Certificate Authority (CA)
- Renew the Expired Cert with the CA
- Complete the incomplete signing chain
(NOTE: for assistance resolving these certificate issues on your on-premises MDM implementation, you should reach out to the CA)
Feedback
Yes
No
Powered by
