on 08-19-2014 5:10 PM
Hello
I have successfully enrolled and pushed down policies to iOS devices using a VPN and Afaria server (NO relay server).
Now I want to add in the relay server so no VPN is required.
I have set up the relay server and carried out all the checks and it is connected up to the afaria server.
e.g.
http://......./ias_relay_server/server/rs_server.dll
http://....../ias_relay_server/client/rs_client.dll
I can access the above and see
I now have some questions on configuration of the Afaria client for use with the relay server.
1. What URL should be used for Address for Device communication? Previously I used xnet://..(afaria server url)... for direct access from the devices to the Afaria server. Do I need to change this to xnet://..(relay server url)...?
2. For iOS we need SSL on the relay server.
I have created a certificate for use with SSL on the Afaria server using a certificate authority I set up on the same machine as the Afaria server.
Can I use the same process to create a certificate for the relay server to use?
Thanks
Andrew
For client-based (Android and Windows MOBILE) devices you must exchange XNET:// with HTTP://<relayserverFQDN>/ias_relay_server/client/rs_client.dll/<FarmID>; but usually this is handled in separate fields: 1 for server and protocol and one for URLprefix (ias_......).
For iOS you MUST have HTTPS, as you have found out, and you can install the same cert (or similar) as you used today on your Afaria server onto your Relay server and configure the Relay server to use HTTPS. Then iOS devices will talk HTTPS to Relay. Remember that the Root must be trusted on the device AND that FQDN must match between cert and the enrollment URL.
BR
Peter
Hi Peter
Thanks for the reply.
OK, so the certificates are where I am a bit unsure.
So when I set up the Afaria server without relay server I created a standalone CA and I used this to create my SSL cert.
Can I use the same CA on my Afaria server to create the cert to be used on my relay server?
If I do the above, will the statement "Remember that the Root must be trusted on the device" be true?
Thanks again
Andrew
Yes, you can use the same CA to issue a new cert to "relayserver.domain.com" and you should deploy the root cert either before enrollment or as part of the enrollment. This last part came as an enhancement some time ago and you set the root CA to be deployed from the setup wizard for "Enrollment Server / iPhoneServer" as shown here:
I would always recommend spending 50$ on a trusted SSL cert because it greatly reduces problems over self-signed SSL certs - if you can't find any, try these guys: http://webdesign.about.com/od/ssl/tp/cheapest-ssl-certificates.htm
BR
Peter
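The two conditions named in the answers above (the root must be trusted on the device, and the FQDN must match between the cert and the enrollment URL) can be checked with OpenSSL before any device is enrolled. This is an added example, not part of the original thread or of Afaria's tooling; the function names, the throwaway CA and `afaria.domain.com` are constructed for the demo, and it assumes an `openssl` binary (1.0.2 or later) on the PATH.

```shell
#!/bin/sh
# Build a throwaway PKI (constructed sample data): a standalone root CA,
# a relay cert it issues for relayserver.domain.com, and an unrelated root.
make_demo_pki() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Demo Standalone CA" \
        -keyout "$dir/ca.key" -out "$dir/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=relayserver.domain.com" \
        -keyout "$dir/relay.key" -out "$dir/relay.csr" 2>/dev/null
    printf 'subjectAltName=DNS:relayserver.domain.com\n' > "$dir/san.ext"
    openssl x509 -req -in "$dir/relay.csr" -CA "$dir/ca.pem" \
        -CAkey "$dir/ca.key" -CAcreateserial -days 30 \
        -extfile "$dir/san.ext" -out "$dir/relay.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=Unrelated Root" \
        -keyout "$dir/other.key" -out "$dir/other.pem" 2>/dev/null
}

# $1 = root CA cert the device will trust (PEM)
# $2 = cert installed on the relay server (PEM)
# $3 = FQDN used in the enrollment URL
# Prints: ok | untrusted-root | fqdn-mismatch
check_relay_cert() {
    ca=$1; cert=$2; fqdn=$3
    # Condition 1: the relay cert must chain to the root deployed to devices.
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "untrusted-root"
        return 0
    fi
    # Condition 2: the enrollment FQDN must match the name in the cert.
    if openssl x509 -in "$cert" -noout -checkhost "$fqdn" \
        | grep -q "does match"; then
        echo "ok"
    else
        echo "fqdn-mismatch"
    fi
}

# Demo run against the constructed PKI.
demo_dir=$(mktemp -d)
make_demo_pki "$demo_dir"
check_relay_cert "$demo_dir/ca.pem" "$demo_dir/relay.pem" relayserver.domain.com
check_relay_cert "$demo_dir/ca.pem" "$demo_dir/relay.pem" afaria.domain.com
check_relay_cert "$demo_dir/other.pem" "$demo_dir/relay.pem" relayserver.domain.com
```

Against a real deployment, pass the exported root CA certificate, the relay server's certificate and the host name from the enrollment URL in place of the demo files.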