We nonetheless have an outdated macOS server with profile supervisor working, with a website wildcard SSL certificates. After renewing the certificates, I checked that https: was working, and likewise that administration profiles could possibly be downloaded. Nice!
Nevertheless, when establishing a brand new gadget, the gadget says that the certificates is invalid, and won’t set up the profile. Reverting again to the (quickly to be expiring) outdated certificates, the whole lot works advantageous.
So, I am at a loss for why that is taking place.
So far as I can inform, the basis for each certs is identical. In reality, the CA which was supplied by Digicert/Geotrust appears to be the identical as final yr’s. I’ve exhausted my primary data of “openssl” instructions making an attempt to identify any variations, to no avail.
In testing, I see the identical conduct in iOS16, iOS17, iOS18, macOS14, and macOS15. When utilizing the expiring certificates, new units can obtain the profile, however when utilizing the newer certificates, errors happen. Additionally, with the newer certificates, all the above units are capable of set up profiles (manually, from the /mydevices URL).
One attention-grabbing be aware, is that yesterday the error was “invalid certificates”; nevertheless, in the present day, it simply says “canceled” (iOS16). I learn that ABM was having points in a single day, so this can be associated. However, my hassle with new units and the brand new certificates began over every week in the past.
PS – I am not utilizing profile supervisor as a result of I wish to. However, be happy so as to add extra the reason why it is a unhealthy thought (so long as you attempt to assist remedy the unique downside).
