
Afaria - Relay Server - ios enrollment

Former Member
0 Kudos

Hello

I have successfully enrolled and pushed down policies to iOS devices using a VPN and Afaria server (NO relay server).

Now I want to add in the relay server so no VPN is required.

I have set up the relay server and carried out all the checks and it is connected up to the Afaria server.

e.g.

http://......./ias_relay_server/server/rs_server.dll

http://....../ias_relay_server/client/rs_client.dll

I can access the above and see

Overall availability: Full


I now have some questions on configuration of the Afaria client for use with the relay server.


1. What URL should be used for Address for Device communication? Previously I used xnet://..(afaria server url)... for direct access from the devices to the Afaria server. Do I need to change this to xnet://..(relay server url)...


2. For iOS we need SSL on the relay server.

I have created a certificate for use with SSL on the Afaria server using a certificate authority I set up on the same machine as the Afaria server.

Can I use the same process to create a certificate for the relay server to use?


Thanks

Andrew


Tags edited by: Michael Appleby

Accepted Solutions (1)

Former Member
0 Kudos

For client-based (Android and Windows Mobile) devices you must exchange XNET:// with HTTP://<relayserverFQDN>/ias_relay_server/client/rs_client.dll/<FarmID>, but usually this is handled in separate fields: one for server and protocol and one for the URL prefix (ias_......).

For iOS you MUST have HTTPS, as you have found out, and you can install the same cert (or similar) as you used today on your Afaria server onto your Relay server and configure the Relay server to use HTTPS. Then iOS devices will talk HTTPS to Relay. Remember that the Root must be trusted on the device AND that the FQDN must match between the cert and the enrollment URL.

BR

Peter

Former Member
0 Kudos

Hi Peter

Thanks for the reply.

OK, so the certificates are where I am a bit unsure.

So when I set up the Afaria server without relay server I created a stand-alone CA and I used this to create my SSL cert.

Can I use the same CA on my Afaria server to create the cert to be used on my relay server?

If I do the above, will the statement "Remember that the Root must be trusted on the device" be true?

Thanks again

Andrew

Former Member
0 Kudos

Yes, you can use the same CA to issue a new cert to "relayserver.domain.com" and you should deploy the root cert either before enrollment or as part of the enrollment. This last part came as an enhancement some time ago and you set the root CA to be deployed from the setup wizard for "Enrollment Server / iPhoneServer" as shown here:

I would always recommend spending 50$ on a trusted SSL cert because it greatly reduces problems compared with self-signed SSL certs - if you can't find any, try these guys: http://webdesign.about.com/od/ssl/tp/cheapest-ssl-certificates.htm

BR


Peter

Former Member
0 Kudos

Thanks Peter

That sounds great, I will check it out.

I am at present struggling to enrol an Android device using a relay server.

I thought it would be best to get Android enrolling and then move on to iOS, as it requires the cert.

I will post my new issue in a new thread.

Thanks again

Andrew

Former Member
0 Kudos

Hi Peter

Is it possible to use an IP address for the certificate that is going to be used on the relay server,

rather than relayserver.domain.com?

Or do I need to set it up as a domain?

Thanks for all your help, am making progress

Andrew

Former Member
0 Kudos

You can't use IP. Certs work best with FQDNs.

Peter
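The two conditions from the accepted answer (the relay certificate chains to a root the device trusts, and its name matches the enrollment URL host) can be checked before enrolling any device. The script below is an added example, not part of the original thread and not Afaria tooling; it builds a constructed stand-alone CA and a certificate for the thread's placeholder name relayserver.domain.com, and the URLs and the 203.0.113.10 address are constructed sample values.

```shell
#!/bin/sh
# Added example. All keys, certificates and addresses are constructed.

# Host part of an enrollment URL (scheme, port and path stripped).
url_host() {
    printf '%s\n' "$1" | sed -E 's#^[a-zA-Z]+://([^/:]+).*#\1#'
}

# check_relay_cert ROOT_PEM CERT_PEM ENROLLMENT_URL
# Succeeds only if CERT_PEM chains to ROOT_PEM and names the URL's host.
check_relay_cert() {
    openssl verify -CAfile "$1" -verify_hostname "$(url_host "$3")" "$2" \
        >/dev/null 2>&1
}

# make_demo_pki DIR: stand-alone root CA plus a relay certificate issued
# by it for relayserver.domain.com (the name used in the thread).
make_demo_pki() {
    cat > "$1/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Demo Standalone Root CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    printf 'subjectAltName = DNS:relayserver.domain.com\n' > "$1/san.ext"
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config "$1/ca.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
        -subj "/CN=relayserver.domain.com" \
        -keyout "$1/relay.key" -out "$1/relay.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/relay.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 30 -extfile "$1/san.ext" \
        -out "$1/relay.crt" 2>/dev/null
}

tmp=$(mktemp -d) && make_demo_pki "$tmp" || exit 1
for url in \
    https://relayserver.domain.com/ias_relay_server/client/rs_client.dll \
    https://203.0.113.10/ias_relay_server/client/rs_client.dll
do
    if check_relay_cert "$tmp/ca.crt" "$tmp/relay.crt" "$url"
    then echo "PASS $url"; else echo "FAIL $url"; fi
done
```

Against a real deployment, pass `check_relay_cert` the exported root CA certificate, the certificate installed on the relay server, and the enrollment URL that devices will be given.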

Answers (0)