Deploy SSL certificates to iOS devices

brownbe
New Contributor III

We have an issue with our Google Safe Search at our school and need to come up with a solution. We are looking into enforcing SSL filtering on our FortiGate and would need to deploy SSL certs to all of our devices. None of our computers are managed, but all of our iPads are. I cannot find anything specific, but I did find that under configuration profiles there is an option to upload a certificate. Is that where it would be done? Is there anyone here who has experience deploying this and has any pros or cons? We're trying to keep all options open, but it needs to be done sooner rather than later.


bentoms
Release Candidate Programs Tester

@brownbe, yep the Certificate payload is what you want.

The pros & cons revolve around how often the cert expires, as you'll need to update the profile with a new cert before expiry.

This removes the old cert & then adds the new. It's normally a quick process, but if that cert is used to sign wireless connections, an iOS client can fall off the network when the old cert is removed, & unless it has a cellular connection, it may not get the updated profile with the new cert.

Hope that makes sense!

brownbe
New Contributor III

@bentoms Thank you for pointing that out, I hadn't thought of that. I assume that would be the same for any other devices with the certificate?

Also, we have multiple configuration profiles that we use for various reasons. If we deploy the certificate in one profile, would we have to deploy it in all the others?

brandonusher
Contributor II

@brownbe I don't have any experience using the Certificates payload, but I do know that you should keep it in a separate profile. There shouldn't be any need to distribute it coupled with other profiles unless they are wireless profiles that depend on the certificate. Those I would deploy coupled with the certs.
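As an added illustration of the separate-profile advice above (not code from any poster or from the MDM product), this sketch builds a stand-alone `.mobileconfig` that carries only one CA certificate. The identifier `org.example.school.sslinspection-ca`, the display name and the sample certificate bytes are assumptions made for the example; the top-level identifier is kept stable so a renewed certificate ships as an update to the same profile.

```python
import hashlib
import plistlib
import ssl
import uuid

# Hypothetical reverse-DNS identifier; keep it unchanged across renewals.
PROFILE_ID = "org.example.school.sslinspection-ca"

# Constructed placeholder bytes, NOT a real certificate. Replace SAMPLE_PEM
# with the CA certificate exported from the filtering appliance.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)


def build_ca_profile(pem_text, profile_id=PROFILE_ID, name="SSL inspection CA"):
    """Return .mobileconfig bytes holding one CA certificate and nothing else."""
    der = ssl.PEM_cert_to_DER_cert(pem_text.strip())
    fingerprint = hashlib.sha256(der).hexdigest()
    cert_payload = {
        "PayloadType": "com.apple.security.root",  # CA certificate payload
        "PayloadVersion": 1,
        "PayloadIdentifier": profile_id + ".cert",
        # Derived from the certificate, so a renewed cert gets a new UUID.
        "PayloadUUID": str(uuid.uuid5(uuid.NAMESPACE_DNS, fingerprint)).upper(),
        "PayloadDisplayName": name,
        "PayloadContent": der,  # plistlib serialises bytes as <data>
        # No "Password" key here: that key belongs to com.apple.security.pkcs12
        # identity payloads, and a CA certificate carries no private key.
    }
    profile = {
        "PayloadType": "Configuration",
        "PayloadVersion": 1,
        "PayloadIdentifier": profile_id,  # stable across renewals
        "PayloadUUID": str(
            uuid.uuid5(uuid.NAMESPACE_DNS, profile_id + fingerprint)).upper(),
        "PayloadDisplayName": name,
        "PayloadContent": [cert_payload],  # certificate only, no Wi-Fi etc.
    }
    return plistlib.dumps(profile, fmt=plistlib.FMT_XML)


if __name__ == "__main__":
    with open("sslinspection-ca.mobileconfig", "wb") as fh:
        fh.write(build_ca_profile(SAMPLE_PEM))
```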

battle
New Contributor

I'm looking into this at the moment too.

We have created a new certificate for our internal proxy server (we're a primary school) and I need to push this out to all of our managed iPads.

The certificate payload includes the option to include a "passphrase". Should this be left blank?

mlotter
New Contributor

Did the cert work for your SSL inspection with your FortiGate? We have the same issue at our school using FortiGate and some of our education apps, specifically our LMS. Did you push out the Fortinet cert or a local DC-CA?