Quick Support

An einem Meeting teilnehmen:

Mauricio Schäpers

An einer Fernwartung teilnehmen:

VS Qloud Support

Für den Betritt der Fernunterstützung wird ein Passwort von Agenten festgelegt.
Dieses wird Ihnen telefonisch oder per Email bekannt gegeben.

Kunden Login

Partner Login

Working with private certificates on XenMobile 9 / WorxHome 10

It looks like working with certificates from a private PKI doesn’t work anymore on iOS as soon as working in a XenMobile Enterprise Environment. Bad for the own test environment

Even if the internal Root Certificate is installed manually on the iOS device, just the XDM registration does work but the whole enrollment gets aborted when it comes to the NetScaler Gateway part.

Could not connect to the company network

Lovely error message, isn’t it?
Let’s check the logs:

" 09-Feb-2015 16:30:39:976 (+0100) ",,ERROR (2),"self-signed cert not allowed",-,com.citrix.me_at_work_networkRequest_dispatch_queue,dfd7,Worx Home,/jenkins/workspace/iOS_WorxHome_10.0.0_Perseus_AppStoreReview_Release/Me@Work/Certificates/AuthCertificateHandler.m,-[AuthCertificateHandler handleServerCertificate:forHost:serverTrustRef:],133
" 09-Feb-2015 16:30:39:977 (+0100) ",,ERROR (2),"error: Error Domain=NSURLErrorDomain Code=-1012 "The operation couldn’t be completed. (NSURLErrorDomain error -1012.)" UserInfo=0x180d9280 {NSErrorFailingURLKey=https://login.cch.external, NSErrorFailingURLStringKey=https://login.cch.external}",-,com.citrix.me_at_work_networkRequest_dispatch_queue,dfd7,Worx Home,/jenkins/workspace/iOS_WorxHome_10.0.0_Perseus_AppStoreReview_Release/ctxLibs/me@WorkCommon/me@WorkCommon/AsyncHTTP.m,-[AsyncHTTP connection:didFailWithError:],752
" 09-Feb-2015 16:30:39:979 (+0100) ",,ERROR (2),"Server cert validation failed: Error Domain=com.citrix.security Code=4 "The operation couldn’t be completed. (com.citrix.security error 4.)"",-,com.citrix.me_at_work_networkRequest_dispatch_queue,dfd7,Worx Home,/jenkins/workspace/iOS_WorxHome_10.0.0_Perseus_AppStoreReview_Release/Me@Work/Me@Work/AccountDiscovery/AccountDiscoveryManager.m,-[AccountDiscoveryManager getURLResponse:headers:timeout:followRedirect:error:],87
" 09-Feb-2015 16:30:39:979 (+0100) ",,ERROR (2),"Account Discovery failed for URL: ",-,com.citrix.me_at_work_networkRequest_dispatch_queue,dfd7,Worx Home,/jenkins/workspace/iOS_WorxHome_10.0.0_Perseus_AppStoreReview_Release/Me@Work/Me@Work/Operations/StoreOperations.m,-[StoreOperations performLogin:userName:password:onCompletion:],552
" 09-Feb-2015 16:30:39:979 (+0100) ",,ERROR (2),"FTU state:0, error:Error Domain=com.citrix.security Code=4 "The operation couldn’t be completed. (com.citrix.security error 4.)"",-,com.citrix.me_at_work_networkRequest_dispatch_queue,dfd7,Worx Home,/jenkins/workspace/iOS_WorxHome_10.0.0_Perseus_AppStoreReview_Release/Me@Work/Me@Work/Controller/AppFlowController.m,__65-[AppFlowController performLogin:userName:password:onCompletion:]_block_invoke_2,2018

Quite interesting is the line qouting that self-signed certificates are not allowed.

Trying to enroll the device directly to NetScaler Gateway and AppController without MDM does work, even if there comes a popup message that the server certificate is not trusted, but you’re able to proceed clicking on „Accept“

Finding that out, gives me a workaround.

  1. Ensure no root certificates are installed
  2. Connect WorxHome against your Netscaler Gateway and accept the certificate warning
  3. Deregister WorxHome using the context menu -> Account -> Remove
  4. Without closing WorxHome enter your MDM FQDN and run through the hole enrollment process and voilá you won’t get any certificate error on NSG/AC, even if the root certificate is not trusted

My assumption is that accepting the certificate on step 2 does turns the ignoreSSL option on and this setting does survive a re-enrollment 🙂

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert