| Table of Contents |
|---|
General EMM questions
Why do I get the “keytool error: java.io.IOException: Invalid keystore format” error when trying to import the CA (ca.p12) / RA (ra.p12) into the wso2emm.jks file?
If this issue occurs, delete the wso2emm.jks file and try to import the CA (ca.p12) and RA (ra.p12) to the wso2emm.jks file, which is in the <EMM_HOME>/repository/resources/security/ directory. This will create a new wso2emm.jks.
Why do I get the “Error self signed certificate getting chain” error when trying to export the RA file as a PKCS12 file with an alias as explained in Step 6 (c)?
This error occurs when the Common Name (CN) for the Certificate Authority (CA), Registration Authority (RA) and SSL certificates are the same. These three certificates should have a different name where the CN of SSL should be the IP address / Domain.
How can I obtain the TOPIC ID from the MDM signing certificate (MDM_Certificate.pem)?
The TOPIC ID is the UID or User ID of the certificate. This can be obtained using SSLShopper or by executing the following command:
openssl x509 -in MDM_Certificate.pem -text -noout
Why do I get the “No certificate matches private key” message when trying to convert the MDM_APNSCert.pem file into a MDM_APNSCert.pfx file?
This issue occurs when the private key used is not the same as the one that was used to create the customer.csr, which was sent to us to generate the signed certificate (encoded plist).
Why can't I enroll an Android device to a tenant admin?
The super admin is required to log into the EMM console at least once because only then does the APIs, which are used by the device to connect to the EMM server, get published and the super tenant gets subscribed to it. The tenant admins are then required to log into the EMM console at least once so that the tenants also get subscribed to the APIs published by the Super tenant.
Follow the instructions mentioned below:
- Get a fresh EMM pack and start the server.
- Go to the EMM console (example: https://localhost:9443/emm) and login using the super tenant credentials.
- Create the tenant that you need to use via the Carbon Console (https://localhost:9443/carbon/admin/login.jsp)
- Go to EMM and log in with the newly created tenant credentials.
- Register the Android device.
Why does the following error message appear in an iOS device when enrolling: “Profile Installation Failed. The server certificate for “https://xxxxxxxxxx/emm/profile” is invalid”?
This is a common error that is displayed by the iOS device when there is an issue in installing the Profile. Please check and make sure that the following are correct:
- The generated Certificate Authority (CA) and Registration Authority (RA) certificates should be of version 3 format. In addition, check if the
KeyUsageparameters for the certificates are correct. - Verify whether the Common Name (CN) of the SSL certificate has the correct domain name. This requested when generating the CSR for the SSL certificate as mentioned in step 5 (b).
- Ensure that the certificates are imported into the correct JKS and that the
<EMM_HOME>/repository/conf/emm-config.xmlfile is correctly configured as mentioned in the documentation.
Why does the following error occur: “ERROR {com.notnoop.apns.internal.ApnsConnectionImpl} - Couldn’t connect to APNS server {com.notnoop.apns.internal.ApnsConnectionImpl} java.net.UnknownHostException: gateway.sandbox.push.apple.com” in the console?
This error occurs when the EMM server tries to connect to the Sandbox URL with a production certificate. The common reason for this error is because the iOS MDM Configurations MODE is set as Developer in the iOS Settings page (EMM Console). Whereas, the MODE should be set as Production.
What are the list of ports that need to be opened for WSO2 EMM?
The list of ports that need to be opened are mentioned in the documentation.
Does WSO2 generate the iOS agent app, push certificates etc.?
WSO2 will not create the iOS agent app or create the push certificates. However, WSO2 provides a guide on how to generate the following:
- Certificate for iOS server configuration
- APNS certificate
- MDM APNS certificate
- iOS agent (.ipa)
Can I create an iOS app, deploy it in EMM store and install it into my iOS device?
Apple currently provides two developer programs for iOS app development, namely:
iOS Developer Program:
This is program that allows developers to develop iOS apps and publish it in the Apple app store. Using this program, apps can only be installed to apple devices if its UDID is added to the developer’s portal (This is for testing the app on a device before publishing to Apple app store).
iOS Enterprise Program:
This is program is used to deploy apps within the Enterprise without having to publish the app in Apple app store. This allows the Enterprise to maintain their apps in their own app store.
Unable to download the iOS app from a fresh pack.
By default, only the apk for the Android agent is shipped with the pack (at <EMM_HOME>/repository/deployment/server/jaggeryapps/emm/client_app) and the iOS agent needs to be fork from github and follow the steps mentioned in the documentation.