Jump to content
Welcome to our new Citrix community!
  • 0

WiFi No longer enrolling


Daniel Akinin

Question

Hi Members,

 

I have moved into a new role and the company I am working for has asked me to look into some errors they are getting essentially iOS devices are failing to connect to the WiFI after enrolling into the MDM XenMobile.

 

I believe it is likely due to the expired certificates? Looking for confirmation. It uses TLS as authentication.

XenMobile Cert Forum 3.png

XenMobile Cert Forum 1.png

XenMobile Cert Forum 2.png

Link to comment

2 answers to this question

Recommended Posts

  • 0

The client side logs (from Secure Hub or XCode logs from iOS) will likely contain clearer log messages about this. Based on the screenshots provided, I think you have likely found the root cause of this problem already.

 

Note that if you are swapping over to a new certificate chain, then the old cert chain might still need to be kept in place temporarily. This can be needed if the chain was used to issue certs to mobile devices. Only when all mobile devices have been 'swapped over' to the new chain (new certs issued, to replace the old ones) should the old, expired certificate be removed from the server console.

 

An example of a certificate which should not cause this concern is the 'SSL Listener Cert' in the server.

An example of a certificate which 'does' cause this concern is a Server certificate in a chain which signs (issues) certificates to device users (this is when the device ends up with its very own private key, as part of the certificate issuance process).

Link to comment
  • 0
On 3/13/2020 at 11:18 PM, David Egan1709157332 said:

The client side logs (from Secure Hub or XCode logs from iOS) will likely contain clearer log messages about this. Based on the screenshots provided, I think you have likely found the root cause of this problem already.

 

Note that if you are swapping over to a new certificate chain, then the old cert chain might still need to be kept in place temporarily. This can be needed if the chain was used to issue certs to mobile devices. Only when all mobile devices have been 'swapped over' to the new chain (new certs issued, to replace the old ones) should the old, expired certificate be removed from the server console.

 

An example of a certificate which should not cause this concern is the 'SSL Listener Cert' in the server.

An example of a certificate which 'does' cause this concern is a Server certificate in a chain which signs (issues) certificates to device users (this is when the device ends up with its very own private key, as part of the certificate issuance process).

 

 

Thanks mate appreciate asking the time to answer.  

 

Cheers

Dan

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...