Enabling trust to certificates on iOS devices

On iOS devices, the browser uses the Apache server certificate to connect to Corporate App Catalog and Corporate App Catalog Management Console. The Apache server certificate is specified on Step 5 of the setup wizard. If the Apache server uses a certificate signed by a trusted certificate authority, the iOS device automatically trusts this certificate, and you do not need to perform additional configuration.

The Apache server can also use the following certificates:

• A certificate that is not signed by a trusted certificate authority. For instance, a certificate that is signed by a national or corporate certificate authority.
• A certificate generated via the setup wizard and signed by Kaspersky Security Center. You can find the generated certificate in the Apache server installation folder. By default, it is located at C:\Program Files (x86)\Kaspersky Lab\Apache Server\conf\server.crt. You can change the installation folder for the Apache server in the setup wizard.

If the Apache server uses one of these certificates, the device browser may fail to open the catalog or Management Console and download files. To work with Corporate App Catalog and Corporate App Catalog Management Console using a browser, other than Safari (for instance, Yandex Browser), you should manually enable trust for the Apache server certificate on the iOS device.

You can enable trust for certificates in the following ways:

• Using an iOS MDM policy.
• Directly on the device.

Add certificates to iOS device using iOS MDM policy

You can add certificates to a policy's settings and apply the policy to the iOS MDM device.

To add certificates to the policy:

1. Open MMC-based Administration Console.
2. In the console tree, in the Managed devices folder, select the administration group to which the iOS MDM devices belong.
3. In the workspace of the group, select the Policies tab.
4. Open the policy properties window by double-clicking any column.

   Complete the following steps within 15 minutes. Otherwise, you may face an error when saving changes to the policy.

5. In the policy Properties window, select the Certificates section.
6. Click the Add button.

   The Certificate window opens.

7. In the File name field, specify the path to the certificate file and click Open.

   The certificate appears in the list.

8. Click the Apply button to save the changes you have made.

Once the policy is applied to the iOS MDM device, the user is prompted to install the added certificates. The device and its browsers trust these certificates.

Enable trust for certificates directly on device

To enable trust for certificates on the device:

1. Download certificates on the device. For instance, you can send certificates via email or download them from any file sharing site.
2. Install certificates.

   They appear in the Settings → General → VPN & Device Management section.

3. Go to Settings → General → About → Certificate Trust Settings.
4. In the Enable full trust for root certificates section, turn on the toggle button for all certificates.

The device and its browsers trust these certificates.

Page top