It looks like certificates from a private PKI no longer work on iOS as soon as you are in a XenMobile Enterprise environment. That is bad for your own test environment.
Even if the internal root certificate is installed manually on the iOS device, only the XDM registration works; the whole enrollment is aborted when it reaches the NetScaler Gateway part.
Could not connect to the company network
Lovely error message, isn’t it?
Let’s check the logs:
" 09-Feb-2015 16:30:39:976 (+0100) ",,ERROR (2),"self-signed cert not allowed",-,com.citrix.me_at_work_networkRequest_dispatch_queue,dfd7,Worx Home,/jenkins/workspace/iOS_WorxHome_10.0.0_Perseus_AppStoreReview_Release/Me@Work/Certificates/AuthCertificateHandler.m,-[AuthCertificateHandler handleServerCertificate:forHost:serverTrustRef:],133
" 09-Feb-2015 16:30:39:977 (+0100) ",,ERROR (2),"error: Error Domain=NSURLErrorDomain Code=-1012 "The operation couldn’t be completed. (NSURLErrorDomain error -1012.)" UserInfo=0x180d9280 {NSErrorFailingURLKey=https://login.cch.external, NSErrorFailingURLStringKey=https://login.cch.external}",-,com.citrix.me_at_work_networkRequest_dispatch_queue,dfd7,Worx Home,/jenkins/workspace/iOS_WorxHome_10.0.0_Perseus_AppStoreReview_Release/ctxLibs/me@WorkCommon/me@WorkCommon/AsyncHTTP.m,-[AsyncHTTP connection:didFailWithError:],752
" 09-Feb-2015 16:30:39:979 (+0100) ",,ERROR (2),"Server cert validation failed: Error Domain=com.citrix.security Code=4 "The operation couldn’t be completed. (com.citrix.security error 4.)"",-,com.citrix.me_at_work_networkRequest_dispatch_queue,dfd7,Worx Home,/jenkins/workspace/iOS_WorxHome_10.0.0_Perseus_AppStoreReview_Release/Me@Work/Me@Work/AccountDiscovery/AccountDiscoveryManager.m,-[AccountDiscoveryManager getURLResponse:headers:timeout:followRedirect:error:],87
" 09-Feb-2015 16:30:39:979 (+0100) ",,ERROR (2),"Account Discovery failed for URL: ",-,com.citrix.me_at_work_networkRequest_dispatch_queue,dfd7,Worx Home,/jenkins/workspace/iOS_WorxHome_10.0.0_Perseus_AppStoreReview_Release/Me@Work/Me@Work/Operations/StoreOperations.m,-[StoreOperations performLogin:userName:password:onCompletion:],552
" 09-Feb-2015 16:30:39:979 (+0100) ",,ERROR (2),"FTU state:0, error:Error Domain=com.citrix.security Code=4 "The operation couldn’t be completed. (com.citrix.security error 4.)"",-,com.citrix.me_at_work_networkRequest_dispatch_queue,dfd7,Worx Home,/jenkins/workspace/iOS_WorxHome_10.0.0_Perseus_AppStoreReview_Release/Me@Work/Me@Work/Controller/AppFlowController.m,__65-[AppFlowController performLogin:userName:password:onCompletion:]_block_invoke_2,2018
Quite interesting is the line stating that self-signed certificates are not allowed.
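As an added example (not part of the original post and not Citrix tooling), this Python script parses the Worx Home log lines shown above and picks out the certificate-trust failures, including the failing URL where one is logged. The field layout (seven fixed fields after the message) and the function names are assumptions read off these sample lines.

```python
import re

# Sample input: four of the log lines quoted above, embedded so the script
# runs offline. The last one is an ERROR that is not itself a trust failure.
SAMPLE = '''\
" 09-Feb-2015 16:30:39:976 (+0100) ",,ERROR (2),"self-signed cert not allowed",-,com.citrix.me_at_work_networkRequest_dispatch_queue,dfd7,Worx Home,/jenkins/workspace/iOS_WorxHome_10.0.0_Perseus_AppStoreReview_Release/Me@Work/Certificates/AuthCertificateHandler.m,-[AuthCertificateHandler handleServerCertificate:forHost:serverTrustRef:],133
" 09-Feb-2015 16:30:39:977 (+0100) ",,ERROR (2),"error: Error Domain=NSURLErrorDomain Code=-1012 "The operation couldn’t be completed. (NSURLErrorDomain error -1012.)" UserInfo=0x180d9280 {NSErrorFailingURLKey=https://login.cch.external, NSErrorFailingURLStringKey=https://login.cch.external}",-,com.citrix.me_at_work_networkRequest_dispatch_queue,dfd7,Worx Home,/jenkins/workspace/iOS_WorxHome_10.0.0_Perseus_AppStoreReview_Release/ctxLibs/me@WorkCommon/me@WorkCommon/AsyncHTTP.m,-[AsyncHTTP connection:didFailWithError:],752
" 09-Feb-2015 16:30:39:979 (+0100) ",,ERROR (2),"Server cert validation failed: Error Domain=com.citrix.security Code=4 "The operation couldn’t be completed. (com.citrix.security error 4.)"",-,com.citrix.me_at_work_networkRequest_dispatch_queue,dfd7,Worx Home,/jenkins/workspace/iOS_WorxHome_10.0.0_Perseus_AppStoreReview_Release/Me@Work/Me@Work/AccountDiscovery/AccountDiscoveryManager.m,-[AccountDiscoveryManager getURLResponse:headers:timeout:followRedirect:error:],87
" 09-Feb-2015 16:30:39:979 (+0100) ",,ERROR (2),"Account Discovery failed for URL: ",-,com.citrix.me_at_work_networkRequest_dispatch_queue,dfd7,Worx Home,/jenkins/workspace/iOS_WorxHome_10.0.0_Perseus_AppStoreReview_Release/Me@Work/Me@Work/Operations/StoreOperations.m,-[StoreOperations performLogin:userName:password:onCompletion:],552
'''

# Leading fields: quoted timestamp, an empty field, "LEVEL (n)", opening quote.
HEAD = re.compile(r'^"\s*(?P<ts>[^"]+?)\s*",,(?P<level>[A-Z]+) \(\d+\),"')
URL = re.compile(r'NSErrorFailingURLKey=(https?://[^,\s}]+)')
# Message fragments taken from the lines above that indicate a rejected server cert.
TRUST = re.compile(r'self-signed cert not allowed|Server cert validation failed'
                   r'|NSURLErrorDomain Code=-1012')

def parse_line(line):
    """Return a dict for one log line, or None if it does not fit the layout."""
    m = HEAD.match(line)
    if not m:
        return None
    # The message holds unescaped quotes and commas, so a CSV parser breaks on
    # it. Split the seven fixed trailing fields off from the right instead.
    parts = line[m.end():].rstrip().rsplit(",", 7)
    if len(parts) != 8 or not parts[0].endswith('"'):
        return None
    msg, _dash, _queue, thread, app, src, method, lineno = parts
    return {"ts": m["ts"], "level": m["level"], "message": msg[:-1],
            "thread": thread, "app": app, "source": src.rsplit("/", 1)[-1],
            "method": method, "line": int(lineno)}

def trust_failures(text):
    """List (timestamp, source file, source line, failing URL) per trust error."""
    hits = []
    for raw in text.splitlines():
        rec = parse_line(raw)
        if rec and rec["level"] == "ERROR" and TRUST.search(rec["message"]):
            url = URL.search(rec["message"])
            hits.append((rec["ts"], rec["source"], rec["line"],
                         url.group(1) if url else None))
    return hits

if __name__ == "__main__":
    for hit in trust_failures(SAMPLE):
        print(hit)
```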
Enrolling the device directly against NetScaler Gateway and AppController without MDM does work: a popup warns that the server certificate is not trusted, but you are able to proceed by clicking "Accept".
Finding that out gives me a workaround.
- Ensure no root certificates are installed
- Connect WorxHome against your NetScaler Gateway and accept the certificate warning
- Deregister WorxHome using the context menu -> Account -> Remove
- Without closing WorxHome, enter your MDM FQDN and run through the whole enrollment process, and voilà, you won't get any certificate error on NSG/AC, even if the root certificate is not trusted
My assumption is that accepting the certificate in step 2 turns the ignoreSSL option on and that this setting survives a re-enrollment 🙂