Certificates & MDM Profiles

Ben Greiner

When a Mac or iOS device is enrolled into Robot Cloud, the enrollment process places a certificate (Forget Computers Ltd. JSS Built-in CA) and a Configuration Profile (the Mobile Device Management, or MDM, Profile, signed by that certificate) on the device so it may authenticate and be managed securely. No username or password is exchanged when a Mac or iOS device performs an inventory report or receives maintenance or software packages. (How cool is that?)

iOS
Robot Cloud utilizes a built-in PKI certificate authority for iOS. A signing certificate is installed to encrypt messages between Robot Cloud and an iOS device. When an iOS device is first enrolled, the certificate asks to be trusted (because the certificate is self-signed, or "root"). After the trust has been confirmed, normal enrollment moves forward. We can also use third-party PKI servers, as long as they support SCEP (Simple Certificate Enrollment Protocol). Although the certificate is not viewable after enrollment, the MDM Profile is viewable in Settings > General > Profiles & Device Management.
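
The trust relationship described above (a configuration profile signed by a self-signed root CA) can be checked from a shell with OpenSSL. This is an added example, not Robot Cloud's own tooling: the CA subjects, file names and payload are constructed, and it assumes the `openssl` command is installed.

```shell
#!/bin/sh
# Added example. CA subjects, file names and the payload are constructed.

# make_ca DIR NAME: create a self-signed ("root") CA key and certificate.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed $2 CA" \
        -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# sign_profile DIR NAME: sign DIR/payload.plist with CA NAME. -nodetach embeds
# the payload, giving one DER file like a signed .mobileconfig.
sign_profile() {
    openssl smime -sign -nodetach -binary -outform DER \
        -signer "$1/$2.pem" -inkey "$1/$2.key" \
        -in "$1/payload.plist" -out "$1/$2.mobileconfig" 2>/dev/null
}

# verify_profile CA_PEM PROFILE: exit 0 only if PROFILE carries a valid
# signature whose signer chains to the CA in CA_PEM.
verify_profile() {
    openssl smime -verify -inform DER -in "$2" -CAfile "$1" \
        -out /dev/null 2>/dev/null
}

# build_demo: make a temp directory holding two unrelated CAs and one profile
# signed by each, then print the directory name.
build_demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '<plist version="1.0"><dict><key>PayloadType</key><string>Configuration</string></dict></plist>' > "$d/payload.plist"
    make_ca "$d" expected && make_ca "$d" other &&
        sign_profile "$d" expected && sign_profile "$d" other &&
        printf '%s\n' "$d"
}

demo=$(build_demo) || exit 1
verify_profile "$demo/expected.pem" "$demo/expected.mobileconfig" &&
    echo "signed by expected CA: accepted"
verify_profile "$demo/expected.pem" "$demo/other.mobileconfig" ||
    echo "signed by unknown CA: rejected"
rm -rf "$demo"
```

A profile is accepted only when its signer chains to the CA you pass in, which is why the trust prompt for the self-signed root at enrollment matters.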

Mac
Robot Cloud utilizes an Apple Push Notification (APN) certificate for communication with Mac (and iOS) devices. This certificate is generated by Apple (which is its own CA and is natively trusted on the Mac platform) and is unique to each of our clients. You can easily view both the certificate and the MDM profile on a Mac in Keychain Access and System Preferences, respectively.

What do I need to do?
Nothing! The built-in PKI certificate and the Apple Push Notification certificates are all handled by us. So sign up, relax, and focus on your business while the robot in the sky keeps things running smoothly.

 

 

 
