Configuring an iOS MDM Server certificate

The iOS MDM server certificate is used to establish a connection and verify trust between the iOS MDM device and iOS MDM Server.

The iOS MDM Server certificate is issued by Kaspersky Security Center automatically upon the initial deployment of iOS MDM Server and installed on a device where iOS MDM Server is deployed. If you want to use a certificate issued by your certification authority, you need to specify a custom certificate file that will be used as an iOS MDM Server certificate.

If you specify a custom iOS MDM Server certificate, the Issue button for the iOS MDM Server reserve certificate will become unavailable. You need to specify the reserve certificate manually by clicking Install.

To specify a custom iOS MDM Server certificate:

  1. In the main window of Kaspersky Security Center Web Console, select Assets (Devices)MobileiOS MDM Servers. In the list of iOS MDM Servers that opens, click the iOS MDM Server whose settings you want to configure.
  2. In the iOS MDM Server settings window, select Application settings.
  3. Select the Certificates tab.
    1. In the iOS MDM Server certificate block of settings, click Install.
    2. In the File Explorer window that opens, specify a certificate file in PEM, PFX, or P12 format, and then click Open.

      Make sure the certificate you install complies with the following security requirements:

      • Common Name (CN) is specified;
      • a correct Subject Alternative Name (SAN) of DNS is specified and matches the iOS MDM Server connection address;
      • a correct certificate publisher is specified;
      • a correct certificate expiration date is specified;
      • the certificate chain is complete;
      • Extended Key Usage (EKU) is XKU_SSL_SERVER (1.3.6.1.5.5.7.3.1 serverAuth);
      • the root certificate is the same as the root certificate of the current certificate;
      • the RSA key size in the certificate chain is at least 2048 bits;
      • the RSA key size of the root certificate is at least 4096 bits;
      • the hash algorithm in the certificate chain is from the SHA-2 family.
    3. In the Installing certificate window that opens, enter the certificate password, and then click Install.
    4. Click Save.

Your custom certificate is specified as the iOS MDM Server certificate. The certificate details are displayed in the iOS MDM Server certificate block of settings.

Page top