Configuration errors: Untrusted server certificate when integrating Endpoint Protection Mobile with a 3rd party MDM

Article ID: 185831

Products

Endpoint Protection Mobile

Issue/Introduction

When setting up the integration with a 3rd party MDM/UEM/EMM provider, the configuration cannot complete. The MDM Basic Setup page in the SEP Mobile MC shows a configuration error: Untrusted server certificate.

Cause

SEP Mobile uses HTTPS for secure communications with the MDM provider. The untrusted server certificate error occurs when SEP Mobile does not trust the certificate presented by the MDM provider's server. There are multiple possible causes for this:
  1. The certificate is self-signed instead of signed by a reputable 3rd party CA.
  2. The certificate is expired and thus no longer valid.
  3. The certificate chain is incomplete because the server is not presenting one or more of the certificates in the signing chain.

Resolution

First, verify that the server name and port provided in the MDM integration basic setup under MC>Setting>Integrations>MDM/UEM/EMM>Basic Setup are correct.
If the information is correct, check for certificate errors using open source tools such as curl or openssl, or the online test at https://www.ssllabs.com/ssltest/index.html.
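
The openssl check mentioned above, as an added shell example (not part of the original article): it maps the "Verify return code" printed by `openssl s_client` to the three causes listed under Cause. The function names and the sample output are constructed for illustration, and the result reflects the trust store of the machine running the check, which is assumed to be comparable to what SEP Mobile trusts.

```sh
#!/bin/sh
# Added example: classify `openssl s_client` output against the causes above.

# Read s_client output on stdin and print which cause the verify code indicates.
classify_verify() {
  # Take the first "Verify return code: N (...)" line; TLS 1.3 can repeat it.
  code=$(sed -n 's/^ *Verify return code: \([0-9][0-9]*\).*/\1/p' | head -n 1)
  case "$code" in
    0)     echo "trusted" ;;
    # 18 = self-signed leaf, 19 = self-signed root in chain that is not trusted
    18|19) echo "self-signed" ;;
    # 10 = certificate has expired
    10)    echo "expired" ;;
    # 20/21 = issuer not found: missing intermediate or a CA unknown to this host
    20|21) echo "incomplete-chain" ;;
    "")    echo "no-verify-line" ;;
    *)     echo "other:$code" ;;
  esac
}

# Connect to the MDM server (host, optional port) and classify the result.
# stdin from /dev/null makes s_client exit once the handshake is done.
check_mdm_cert() {
  openssl s_client -connect "$1:${2:-443}" -servername "$1" \
    </dev/null 2>/dev/null | classify_verify
}

# Constructed sample of the relevant s_client output, for offline use.
SAMPLE_EXPIRED='SSL-Session:
    Protocol  : TLSv1.2
    Verify return code: 10 (certificate has expired)'

# Usage (hypothetical host name):
#   check_mdm_cert mdm.example.com 443
```

Running the check from more than one machine helps separate a server-side chain problem from a local trust store that simply lacks the issuing CA.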

Depending on the identified cause, the solution may be to:

  1. Get the SSL certificate signed by a reputable Certificate Authority (CA)
  2. Renew the expired certificate with the CA
  3. Complete the incomplete signing chain

(NOTE: For assistance resolving these certificate issues on your on-premises MDM implementation, you should reach out to the CA.)