When trying to enroll iOS devices to a Symantec Mobile Management server, an error on the iOS device appears that a network error has occurred.
Further inspection, using the iPhone Configuration Utility or Xcode console logs, shows that the device does not trust the server:
-- 11:43:20 unknown profiled <Notice>: (Error) MC: Cannot retrieve SCEP identity: NSError:
Desc : A network error has occurred.
Sugg : The certificate for this server is invalid. You might be connecting to a server that is pretending to be scep.domain.com which could put your confidential information at risk.
In the Configuration Editor for the SCEP profile, the SCEP URL is configured to use HTTPS, e.g. https://scep.domain.com/certsrv/mscep/mscep.dll. The IIS certificate bound to the SCEP server is not issued by a public CA certificate provider that the Apple device trusts. The Apple device will not trust the SCEP server SSL certificate.
For the SCEP URL to use HTTPS, it must be configured using a certificate Apple devices trust by default. A public CA, such as Symantec, can issue a trusted certificate. Change the certificate on the SCEP server to a trusted one, or change the SCEP URL to use http only.
Symantec Mobile Management
Using a SCEP server with a secure (https) URL, not signed by a trusted certificate provider.
Imported Document ID: TECH194408
Subscribing will provide email updates when this Article is updated. Login is required.