From eScan Wiki
| Revision as of 07:20, 26 March 2018 WikiSysop (Talk | contribs) (→'''Pre-Requisites for Managing iOS Devices''') ← Previous diff | Current revision WikiSysop (Talk | contribs) (→'''Pre-Requisites for Managing iOS Devices''') | ||
| Line 3: | Line 3: | ||
| '''Overview''' | '''Overview''' | ||
| - | The eScan EMM requires a SSL certificate to manage your iOS devices from the EMM console. This document gives you information on all the pre-requisites for managing iOS devices and how you can import the SSL certificate .It also briefs on what the certificate is about and where you can purchase the same. | + | The eScan EMM requires a SSL certificate to manage your iOS devices from the EMM console. This document gives you information on all the pre-requisites for managing iOS devices and how you can import the SSL certificate. It also briefs on what the certificate is about and where you can purchase the same. | 
| + | |||
| '''Steps required:''' | '''Steps required:''' | ||
| + | <ol> | ||
| + | <li> Make sure you have a dedicated IP. You can have static IP or use NAT '''*'''</li> | ||
| + | |||
| + | <li> Decide on a domain name.<br> | ||
| + | You need to decide a domain name for your EMM console to which the connecting devices are directed to your server, for eg: emm.mycompany.com</li> | ||
| - | 1. Make sure you have a dedicated IP. You can have static IP or use NATing * | + | <li> Add A-record. Creating an A-record will re-direct anyone who visits emm.mycompany.com to the dedicated IP. For more information on creating your A-record please contact your DNS provider/Name Server Provider. </li> | 
| + | <li> Make sure that the below ports are made available for proper functionality.<br> | ||
| + | Ports: 10443,2021,2221,2222,2225,2226,443,3333.<br> | ||
| + | In case, you are using NAT or NO-IP, port redirection to the local Corporate 360 server will be required. | ||
| + | </li> | ||
| - | 2. Decide on a domain name.You need to decide a domain name for your EMM console to which the connecting devices are directed to your server, for ex: emm.abc.com. | + | <li> Acquiring the SSL certificate from an Apple approved Certificate Authority (CA) '''**'''. Refer below link for more help on "How to generate a SSL certificate using Certificate Authority (CA)".<br> | 
| + | http://wiki.escanav.com/wiki/index.php/Escan/english/escan11/eScan_Management_Console/EMM/Generate_SSL_Cert_iOS_Mgmt | ||
| + | </li> | ||
| - | 3. Acquiring the '''C.A certificate''' from an Apple approved CA** | + | <li>Import certificate and start managing your iOS devices.</li> | 
| + | </ol> | ||
| - | 4. Add A-record | + | '''*''' If you are using NATing please refer this link for more information<br> | 
| + | https://en.wikipedia.org/wiki/Network_address_translation | ||
| - | 5. Import certificate and start managing your iOS devices *If you are using NATing please refer this document for more information. | + | '''**''' List of Apple Approved CA | 
| - | ** List of Apple Approved CA | + | |
| https://support.apple.com/en-us/HT204132 | https://support.apple.com/en-us/HT204132 | ||
| - | '''How to import a C.A certificate on the eScan Corporate 360 EMM console?''' | + | '''Please Note: ''' | 
| + | <ol> | ||
| + | <li> This is not the iOS certificate or some certificate that will be provided by Apple.</li> | ||
| - | A. To add the certificate when you log into the eScan Corporate 360 console for the first time: | + | <li> This is a normal SSL certificate that organization's use on their server for SSL communication (https). Eg: When you connect to a website www.escanav.com you are on a secured connection, as this server 'escanav.com' has a SSL certificate installed.</li> | 
| - | 1. Click on '''[https://www.escanav.com/en/solutions/enterprise-mobility-management.asp eScan Mobility Management (EMM)]'''. | + | <li> If you are having the server as 'emm.mycompany.com', you need to get a SSL certificate for the domain emm.mycompany.com. You will have to buy this from a CA or generate it for free. </li> | 
| - | It opens the EMM console use only for Android and iOS devices. | + | <li> The certificate thus bought from the CA has to be renewed every year or if it is for free it has to be renewed every 3 months.</li> | 
| - | 2. Under '''To manage iOS devices you need to add a Trusted CA Certificate,''' click on '''Start with iOS.''' | + | <li>This certificate needs to be imported in the console, for the server and the Apple servers to communicate securely. </li> | 
| - | It opens a new window where you can import your certificate files. | + | </ol> | 
| - | 3. '''Browse''' the file from your local drive. | + | '''How to import a SSL certificate in the eScan Corporate 360 EMM console?''' | 
| - | 4. Save the files. | + | '''A. To add the certificate when you log into the eScan Corporate 360 console for the first time:''' | 
| - | You will see a confirmation message '''“Certificate added successfully ”'''. | + | <ol> | 
| + | <li>Click on '''eScan Mobility Management (EMM)'''. | ||
| + | It opens the EMM console use only for Android and iOS devices.</li> | ||
| + | |||
| + | <li>Under '''To manage iOS devices you need to add a Trusted CA Certificate,''' click on '''Start with iOS.''' | ||
| + | It opens a new window where you can import your certificate files.</li> | ||
| + | |||
| + | <li>'''Browse''' the file from your local drive.</li> | ||
| + | |||
| + | <li>Save the files.<br> | ||
| + | You will see a confirmation message '''“Certificate added successfully ”.'''</li> | ||
| + | </ol> | ||
| '''Note:''' Make sure you add an authentic CA certificate in .crt file format and .key file format for the key. Self-signed file will not be accepted. | '''Note:''' Make sure you add an authentic CA certificate in .crt file format and .key file format for the key. Self-signed file will not be accepted. | ||
| - | B. To add the CA certificate if | ||
| - | i. You had selected to proceed with "'''Start with Android (without iOS)'''" earlier | + | '''B. To add the CA certificate if ''' | 
| + | <ol style="list-style-type:lower-roman"> | ||
| + | <li> You had selected to proceed with "'''Start with Android (without iOS)'''" earlier</li> | ||
| '''or''' | '''or''' | ||
| - | ii. You have deleted the previous certificate please follow the steps below: | + | <li>You have deleted the previous certificate please follow the steps below:</li> | 
| + | </ol> | ||
| - | 1. On the left menu click '''Settings'''. | + | <ol > | 
| + | <li> On the left menu click '''Settings'''.</li> | ||
| - | 2. Select '''Certificate Management''' tab. | + | <li> Select '''Certificate Management''' tab.</li> | 
| - | 3. Click the '''Add''' button. | + | <li> Click the '''Add''' button. | 
| - | The '''Add Certificate''' window is displayed. | + | |
| - | 4. '''Browse''' the file from your local drive. | + | The '''Add Certificate''' window is displayed.</li> | 
| - | 5. Save the files. You will see a confirmation message “'''Certificate added successfully'''”. | + | |
| + | <li> '''Browse''' the file from your local drive.</li> | ||
| + | |||
| + | <li>Save the files. | ||
| + | You will see a confirmation message '''“Certificate added successfully”.'''</li> | ||
| + | </ol> | ||
| '''What is a CA certificate?''' | '''What is a CA certificate?''' | ||
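Review bot: In list B the '''or''' line sits between the two <li> items inside the <ol style="list-style-type:lower-roman">, outside any list item, so the rendered page shows "or" after both conditions and leaves "please follow the steps below:" attached to the second condition only. Move "or" inside the first <li> and put "please follow the steps below:" after the closing </ol>. The rename to "SSL certificate" is also incomplete in this hunk: the unchanged Note still reads "authentic CA certificate in .crt file format", heading B still reads "To add the CA certificate", and the new Please Note list calls it "a normal SSL certificate", so one term should be used throughout.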
| Line 62: | Line 95: | ||
| The digital certificate is an essential part of secure communication and plays an important part in the public key infrastructure (PKI). | The digital certificate is an essential part of secure communication and plays an important part in the public key infrastructure (PKI). | ||
| Certificates typically include the owner's public key, the expiration date of the certificate, the owner's name and other information about the public key owner. | Certificates typically include the owner's public key, the expiration date of the certificate, the owner's name and other information about the public key owner. | ||
| + | |||
| '''Why is a CA Certificate required?''' | '''Why is a CA Certificate required?''' | ||
| The certificate is from a trusted third party who is responsible for physically verifying the legitimacy of the identity of an individual or organization before issuing a digital certificate. It guarantees that the individual granted the unique certificate is, in fact, who he or she claims to be. This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. | The certificate is from a trusted third party who is responsible for physically verifying the legitimacy of the identity of an individual or organization before issuing a digital certificate. It guarantees that the individual granted the unique certificate is, in fact, who he or she claims to be. This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key. | ||
| + | |||
| '''How to purchase a CA certificate?''' | '''How to purchase a CA certificate?''' | ||
| - | Please contact an authentic SSL certificate issuing authority (like '''Lets Encrypt''' (free provider), '''Rapid SSL , Comodo''' etc.) to purchase a CA certificate. Make sure the certificate they issue is mentioned among the list in the link below. | + | Please contact an authentic SSL certificate issuing authority (like '''Lets Encrypt''' (free provider), '''Rapid SSL , Comodo''' etc.) to purchase a CA certificate. Make sure the certificate they issue is mentioned among the list in the link below. | 
| List of Apple Approved CA '''[https://support.apple.com/en-us/HT204132 https://support.apple.com/en-us/HT204132]''' | List of Apple Approved CA '''[https://support.apple.com/en-us/HT204132 https://support.apple.com/en-us/HT204132]''' | ||
| + | |||
| '''How to create your A-record for the dedicate IP?''' | '''How to create your A-record for the dedicate IP?''' | ||
| Line 77: | Line 113: | ||
| Creating an A- record will re-direct anyone who visits your EMM to the dedicated IP. For more information on creating your A-record please contact your ISP. | Creating an A- record will re-direct anyone who visits your EMM to the dedicated IP. For more information on creating your A-record please contact your ISP. | ||
| - | '''Deployment Scenarios''' | ||
| - | The eScan EMM for iOS devies can be used in the scenarios recommended as below. | + | '''Deployment Scenarios''' | 
| - | '''Scenario 1:''' | + | The eScan EMM for iOS devies can be used in different scenarios as below. | 
| - | eScan server is installed on a system and a Static IP (Public IP) is assigned to the system. | + | '''Scenario 1:''' eScan server is installed on a system and a Static IP (Public IP) is assigned to the system. | 
| - | '''Scenario 2:''' | + | '''Scenario 2:''' eScan server is installed on a system locally and NAT with port redirection is done to the server system. | 
| - | eScan server is installed on a system locally and NAT with port redirection is done to the server system. | + | |
| - | '''Scenario 3:''' | ||
| - | Usage of Dynamic DNS as an alternative for Native DNS services is not recommended. | ||
| '''Note:''' | '''Note:''' | ||
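Review bot: The removed "Scenario 3" line was the only statement that Dynamic DNS is not recommended, yet the step 4 text added in this same revision tells readers using "NAT or NO-IP" to set up port redirection. State explicitly whether dynamic DNS is supported, or restore the warning. The added line "The eScan EMM for iOS devies" carries the "devies" typo over from the old text, and the unchanged A-record paragraph still says "contact your ISP" while the new step 3 says "DNS provider/Name Server Provider".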
Current revision
Pre-Requisites for Managing iOS Devices
Overview
The eScan EMM requires an SSL certificate to manage your iOS devices from the EMM console. This document describes all the pre-requisites for managing iOS devices and how to import the SSL certificate. It also explains what the certificate is and where you can purchase one.
Steps required:
1. Make sure you have a dedicated IP. You can have a static IP or use NAT. *
2. Decide on a domain name.
 You need a domain name for your EMM console, through which the connecting devices are directed to your server, e.g. emm.mycompany.com
3. Add an A-record. Creating an A-record directs anyone who visits emm.mycompany.com to the dedicated IP. For more information on creating your A-record, please contact your DNS provider/Name Server Provider.
4. Make sure that the ports below are available for proper functionality.
 Ports: 10443, 2021, 2221, 2222, 2225, 2226, 443, 3333.
 If you are using NAT or NO-IP, port redirection to the local Corporate 360 server is required.
5. Acquire the SSL certificate from an Apple approved Certificate Authority (CA). ** See the link below for more help on "How to generate a SSL certificate using Certificate Authority (CA)".
 http://wiki.escanav.com/wiki/index.php/Escan/english/escan11/eScan_Management_Console/EMM/Generate_SSL_Cert_iOS_Mgmt
6. Import the certificate and start managing your iOS devices.
* If you are using NAT, please refer to this link for more information:
https://en.wikipedia.org/wiki/Network_address_translation
** List of Apple Approved CA: https://support.apple.com/en-us/HT204132
Please Note: 
- This is not the iOS certificate or some certificate that will be provided by Apple.
- This is a normal SSL certificate that organizations use on their server for SSL communication (https). For example, when you connect to the website www.escanav.com you are on a secured connection, because the server 'escanav.com' has an SSL certificate installed.
- If your server is 'emm.mycompany.com', you need to get an SSL certificate for the domain emm.mycompany.com. You will have to buy this from a CA or generate it for free.
- A certificate bought from the CA has to be renewed every year; a free certificate has to be renewed every 3 months.
- This certificate needs to be imported into the console so that the server and the Apple servers can communicate securely.
How to import an SSL certificate in the eScan Corporate 360 EMM console?
A. To add the certificate when you log into the eScan Corporate 360 console for the first time:
1. Click on eScan Mobility Management (EMM). It opens the EMM console, which is used only for Android and iOS devices.
2. Under "To manage iOS devices you need to add a Trusted CA Certificate", click on "Start with iOS". It opens a new window where you can import your certificate files.
3. Browse the file from your local drive.
4. Save the files.
 You will see a confirmation message “Certificate added successfully”.
B. To add the CA certificate if
i. You had selected to proceed with "Start with Android (without iOS)" earlier
or
ii. You have deleted the previous certificate
please follow the steps below:
1. On the left menu, click Settings.
2. Select the Certificate Management tab.
3. Click the Add button. The Add Certificate window is displayed.
4. Browse the file from your local drive.
5. Save the files. You will see a confirmation message “Certificate added successfully”.
What is a CA certificate?
To manage iOS devices on the EMM console you are required to add a trusted CA certificate. A certificate authority (CA) is a trusted entity that issues electronic documents that verify a digital entity’s identity on the Internet. The digital certificate is an essential part of secure communication and plays an important part in the public key infrastructure (PKI). Certificates typically include the owner's public key, the expiration date of the certificate, the owner's name and other information about the public key owner.
Why is a CA Certificate required?
The certificate is from a trusted third party who is responsible for physically verifying the legitimacy of the identity of an individual or organization before issuing a digital certificate. It guarantees that the individual granted the unique certificate is, in fact, who he or she claims to be. This allows others (relying parties) to rely upon signatures or on assertions made about the private key that corresponds to the certified public key.
How to purchase a CA certificate?
Please contact an authentic SSL certificate issuing authority (like Let's Encrypt (free provider), Rapid SSL, Comodo, etc.) to purchase a CA certificate. Make sure the certificate they issue is on the list at the link below.
List of Apple Approved CA https://support.apple.com/en-us/HT204132
How to create your A-record for the dedicated IP?
Creating an A-record directs anyone who visits your EMM to the dedicated IP. For more information on creating your A-record, please contact your ISP.
Deployment Scenarios
The eScan EMM for iOS devices can be used in the following scenarios.
Scenario 1: eScan server is installed on a system and a Static IP (Public IP) is assigned to the system.
Scenario 2: eScan server is installed on a system locally and NAT with port redirection is done to the server system.
Note: 
1. SSL Sniffing devices provide their own Certificate, which would be rejected by EMM and iOS during the validation process. Disable SSL Sniffing for Network Interfaces of EMM.
2. Self-Signed Certificates are not accepted.
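A pre-import check for the certificate requirements stated on this page (issued for the EMM domain, not self-signed, renewed before it expires, supplied as a .crt with its matching .key), added here as an example and not eScan's own tooling. It assumes PEM-encoded files and the openssl command line; the function name check_emm_cert and the 14-day margin are illustrative, and it does not check that the issuer is on Apple's approved list.

```shell
#!/bin/sh
# Added example: pre-import check for the EMM certificate (.crt) and key (.key).
# Assumes PEM files and the openssl CLI; check_emm_cert is an illustrative name.
# Usage: check_emm_cert <cert.crt> <private.key> <hostname> [min_days_left]
# Prints one line per failed check and returns the number of failed checks.
check_emm_cert() {
    crt=$1; key=$2; host=$3; min_days=${4:-14}   # 14 days is an assumed margin
    fails=0

    # The file must parse as a PEM X.509 certificate at all.
    if ! openssl x509 -in "$crt" -noout 2>/dev/null; then
        echo "FAIL: $crt is not a readable PEM certificate"
        return 1
    fi

    # Self-signed certificates are not accepted: issuer must differ from subject.
    subject=$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject= *//')
    issuer=$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer= *//')
    if [ "$subject" = "$issuer" ]; then
        echo "FAIL: self-signed (issuer equals subject: $issuer)"
        fails=$((fails + 1))
    fi

    # The certificate must be issued for the EMM domain, e.g. emm.mycompany.com.
    if ! openssl x509 -in "$crt" -noout -checkhost "$host" | grep -q 'does match'; then
        echo "FAIL: certificate does not cover host name $host"
        fails=$((fails + 1))
    fi

    # Certificates need renewal; flag one that expires within min_days.
    if ! openssl x509 -in "$crt" -noout -checkend $((min_days * 86400)) >/dev/null; then
        echo "FAIL: certificate expires within $min_days days"
        fails=$((fails + 1))
    fi

    # The .key file must be the private key for this certificate's public key.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=""
    if [ -z "$key_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match the certificate's public key"
        fails=$((fails + 1))
    fi

    return "$fails"
}
```

A return value of 0 means all four checks passed; run it against the files you intend to browse to in the Add Certificate window.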
