Meraki Community
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Pushed Root CA and Signing CA certs but only Root shows up

LibTechs
Conversationalist
‎Nov 22 2023 4:56 PM
‎Nov 22 2023 4:56 PM

Pushed Root CA and Signing CA certs but only Root shows up

Hi all,

 

I have tried to push our Root CA and Signing CA certificates to our iOS devices using Meraki MDM so that we can access internal servers without the SSL warnings on the browser. When I tested with some of our websites I got the warning. So, I looked in About|Certificate and Trust Settings and I only see the Root CA listed.

 

Are Signing CAs not able to be pushed via the MDM?

 

Thanks

Labels:
0 Kudos
Subscribe
2 Replies 2
PaulF
Meraki Employee
Meraki Employee
‎Nov 23 2023 2:25 AM
‎Nov 23 2023 2:25 AM

Hi. So, the first thing to check is if the policy was applied correctly. You can do this in dashboard by looking at a device, and scrolling to certificates:

 

Screenshot 2023-11-23 at 10.16.48.png

 

So, that's the first place. The second place is to check the installed certs on the device, which you've already done.

 

The third place is to go to Settings > general > VPN and Device Management > meraki Systems Manager

 

You'll be able to see everything installed:

 

IMG_0623.PNG

If you click on More details and scroll down to certificates:

 

IMG_0624.PNG

 

You'll be able to see which certs have been installed through MDM

 

Now, if you see your cert here and NOT in the certificates list of the device, it may just be that iOS has chosen not to show that cert

 

I had a look at : https://developer.apple.com/documentation/devicemanagement/certificateroot and there's nothing to suggest that iOS requires a particular type of cert when being deployed with MDM

 

Let me know how you get on,

 

Kind regards,

 

P

Subscribe
In response to PaulF
LibTechs
Conversationalist
‎Nov 23 2023 10:18 AM
‎Nov 23 2023 10:18 AM

Thank you PaulF.

 

I have checked in all the places you listed and they all indicate that the Signing CA has been installed in the iOS device. The only place that it is not listed is in About|Certificate and Trust Settings.

 

I have also tried combining the Root and Signing CA certificates without luck.

 

Maybe iOS does not support Signing CAs?

 

Thanks

0 Kudos
Subscribe
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels
© 2024 Cisco Systems, Inc.