IOS Mobile device management failed to install profile

I'm trying to setup a MDM Check-in connection from my device to server. In my .mobileconfig I already put in the identity which is from the credential, I generate it from keychain access and using the .p12 file. For Server & Check-in URL - https://address.To.Server:9769/mdm/

I'm hosting my server in tomcat with SSL enabled which i generate the JKS using keytools, - "keytool -importkeystore -srckeystore client-cert.p12 -srcstoretype PKCS12 -destkeystore keystore.jks"

*client-cert.p12 is same with the .p12 file i put in mobileconfig's identity.

If i'm not mistaken, all the request from IOS to server are using HTTP PUT method. I already tried access my server directly from chrome browser and got no problem with it. I believe it is the certificate problem, but i got no clue what happening.

I got all these error when i tried to install the profile from safari.

>Notice: (Error) MC: Connection to <server> failed with error: NSError:
Desc   : The server certificate for <server> is invalid.
US Desc: The server certificate for <server> is invalid.
Domain : MCHTTPTransactionErrorDomain
Code   : 23002
Type   : MCFatalError
Params : (
"<server>"
)

>Notice: (Error) MC: Cannot install MDM Mobile Device Management. Error: NSError:
Desc   : The payload Mobile Device Management could not be installed.
Sugg   : The server certificate for <server> is invalid.
US Desc: The payload Mobile Device Management could not be installed.
US Sugg: The server certificate for <server> is invalid.
Domain : MCInstallationErrorDomain
Code   : 4001
Type   : MCFatalError
Params : (
"Mobile Device Management"
)

>Desc   : The profile SilverlakeMDM could not be installed.
Sugg   : The payload Mobile Device Management could not be installed.
US Desc: The profile SilverlakeMDM could not be installed.
US Sugg: The payload Mobile Device Management could notbe installed.
Domain : MCProfileErrorDomain
Code   : 1009
Type   : MCFatalError
Params : (
SilverlakeMDM
)

Below are from my server console:

>httpsConnector.receiver.02 ERROR DefaultSystemExceptionStrategy:300 logException - Caught exception in Exception Strategy: Received close_notify during handshake
javax.net.ssl.SSLException: Received close_notify during handshake
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1868)
        at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1821)
        at sun.security.ssl.SSLSocketImpl.recvAlert(SSLSocketImpl.java:1922)
        at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1059)
        at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1294)
        at sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:848)
        at sun.security.ssl.AppInputStream.read(AppInputStream.java:102)
        at sun.security.ssl.AppInputStream.read(AppInputStream.java:69)
        at org.apache.commons.httpclient.HttpParser.readRawLine(HttpParser.java:78)
        at org.apache.commons.httpclient.HttpParser.readLine(HttpParser.java:106)
        at org.mule.transport.http.HttpServerConnection.readLine(HttpServerConnection.java:219)
        at org.mule.transport.http.HttpServerConnection.readRequest(HttpServerConnection.java:185)
        at org.mule.transport.http.HttpMessageReceiver$HttpWorker.run(HttpMessageReceiver.java:155)
        at org.mule.work.WorkerContext.run(WorkerContext.java:311)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1110)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:603)
        at java.lang.Thread.run(Thread.java:722)

I able to access the https link using my ipad safari, but the cert is stated not trusted because it is self-sign certificate. For configuration profile, i generate using IPCU and insert .p12 generated from keychain access into identity section in IPCU. i can't install the profile because of "The server certificate for <server> is invalid". By the way, am i doing it right on generating the certificate? I'm confused.

First of all, disregard my comment regarding cert trusted or not. I just looked in iOS UI and it looks like it doesn't indicate any per cert status, but rather indicate Unsigned/Verified status for the whole profile.

Regarding cert generation. Just to make sure that we are on the same page. Credentials item in IPCU allows to add one of two things: 1) .cer (This will make iOS device trust server cert). 2) PKCS12 - it's device identity cert (it's a cert and private key which will be used by a device to authenticate to the server). At the end of the day, if your server has self-signed key, you should have install both server certificate + (PKCS12 or SCEP).

If I am not mistaken, Apple downloads has some configuration profiles for diagnostics and one of them is for diagnostic of MDM errors. You can install this configuration profile and in such case, it may give you more information on your error.

According to this answer here stackoverflow.com/a/10905901/2695014 , my CN would be address.To.Server:9769/mdm/ or address.To.Server:9769? Is it necessary to set the CN according to my server address?

Read this question for details: stackoverflow.com/questions/5935369/… Generally speaking CN should be equal to your host and domain. It shouldn't include ports (like 9769) and it shouldn't include path (/mdm)

Hi,which server you are using for MDM?Initially we used dedicated server but now we are transferring to Microsoft Azure.So the profile installation is failing when we are installing it (Profile Installation Failed) which used to work earlier.May be the azure has issue with the PUT request what I got to know till now.Do you gave any idea about it?Do we need to create fresh Certificates?

Right now I am just a developer of WSO2 EMM. This will work with WSO2 EMM.

@soniality did you solve your problem? I have the same issue.