Meraki

LibTechs · ‎Nov 22 2023

Hi all,

I have tried to push our Root CA and Signing CA certificates to our iOS devices using Meraki MDM so that we can access internal servers without the SSL warnings on the browser. When I tested with some of our websites I got the warning. So, I looked in About|Certificate and Trust Settings and I only see the Root CA listed.

Are Signing CAs not able to be pushed via the MDM?

Thanks

PaulF · ‎Nov 23 2023

Hi. So, the first thing to check is if the policy was applied correctly. You can do this in dashboard by looking at a device, and scrolling to certificates:

Screenshot 2023-11-23 at 10.16.48.png

So, that's the first place. The second place is to check the installed certs on the device, which you've already done.

The third place is to go to Settings > general > VPN and Device Management > meraki Systems Manager

You'll be able to see everything installed:

If you click on More details and scroll down to certificates:

You'll be able to see which certs have been installed through MDM

Now, if you see your cert here and NOT in the certificates list of the device, it may just be that iOS has chosen not to show that cert

I had a look at : https://developer.apple.com/documentation/devicemanagement/certificateroot and there's nothing to suggest that iOS requires a particular type of cert when being deployed with MDM

Let me know how you get on,

Kind regards,

P

LibTechs · ‎Nov 23 2023

Thank you PaulF.

I have checked in all the places you listed and they all indicate that the Signing CA has been installed in the iOS device. The only place that it is not listed is in About|Certificate and Trust Settings.

I have also tried combining the Root and Signing CA certificates without luck.

Maybe iOS does not support Signing CAs?

Thanks

Meraki

Community

Pushed Root CA and Signing CA certs but only Root shows up

Pushed Root CA and Signing CA certs but only Root shows up