Before you upgrade

Before you upgrade, you must consider the possible impact of certain security enhancements on your environment:

Understand the impact of TLS protocol changes

For heightened security, when you upgrade to MobileIron Core, MobileIron Core's configurations for incoming and outgoing SSL connections are automatically updated to use only the TLSv1.2 protocol. TLSv1.2 cannot be disabled.

This change occurs regardless of the protocol settings before the upgrade.

This change means that MobileIron Core now uses only TLSv1.2 for incoming and outgoing connections with all external servers. Examples of external servers to which Core makes outgoing connections are:

  • Standalone Sentry
  • Integrated Sentry
  • SCEP servers
  • LDAP servers
  • MobileIron Gateway
  • Apple Push Notification Service (APNS)
  • Content Delivery Network servers
  • MobileIron support server (
  • Outbound proxy for Gateway transactions and system updates
  • SMTPS servers
  • Public app stores (Apple, Google, Windows)
  • Apple Volume Purchase Program (VPP) servers
  • Apple Device Enrollment Program (DEP) servers
  • Android for Work servers

Therefore, if an external server is not configured to use TLSv1.2, change the external server to use TLSv1.2.

NOTE: Upgrade to Integrated Sentry 6.4 before upgrading to Core. Integrated Sentry 6.4 supports TLSv1.2.

To determine TLS protocol usage with external servers:

  • For outgoing connections from Core to external servers, use the MobileIron utility explained in the following article to determine the TLS protocol usage with those servers:

  • For incoming connections to Core from external servers, determine each server's TLS protocol usage (no MobileIron utility is available).
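
An independent way to confirm that a server Core connects to will accept TLSv1.2 is to attempt a handshake that offers only that protocol version. The script below is an added example, not the MobileIron utility or any MobileIron code; the host names are placeholders, and it assumes the service speaks TLS from the first byte (LDAPS, SMTPS, HTTPS), not STARTTLS.

```python
import socket
import ssl
from typing import NamedTuple


class ProbeResult(NamedTuple):
    host: str
    port: int
    tls12: bool   # True only if a TLSv1.2 handshake completed
    detail: str   # negotiated cipher, or the reason the attempt failed


def tls12_only_context() -> ssl.SSLContext:
    """Client context that offers TLSv1.2 and nothing else."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    # Protocol probe only: no application data is sent, so certificate
    # validation is switched off to keep trust problems out of the result.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def probe_tls12(host: str, port: int, timeout: float = 5.0) -> ProbeResult:
    """Attempt a TLSv1.2-only handshake with host:port and report the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with tls12_only_context().wrap_socket(raw, server_hostname=host) as tls:
                return ProbeResult(host, port, tls.version() == "TLSv1.2", tls.cipher()[0])
    except ssl.SSLError as exc:
        # Typical for a peer limited to TLS 1.0/1.1: a protocol_version alert.
        return ProbeResult(host, port, False, f"handshake failed: {exc.reason or exc}")
    except OSError as exc:
        return ProbeResult(host, port, False, f"connection failed: {exc}")


if __name__ == "__main__":
    # Placeholder endpoints (assumptions); replace with your own servers.
    for host, port in [("ldap.example.com", 636), ("smtp.example.com", 465)]:
        r = probe_tls12(host, port)
        print(f"{r.host}:{r.port}  {'OK' if r.tls12 else 'NOT READY'}  {r.detail}")
```

A result of NOT READY with a handshake failure means the server must be reconfigured for TLSv1.2 before the upgrade. This probe says nothing about the protocol a server offers when it initiates connections to Core.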

For more information:

Threat Advisory: Notice of Deprecation of TLS 1.0 and 1.1 on MobileIron Systems
"Advanced: Incoming SSL Configuration" and "Advanced: Outgoing SSL Configuration" in the MobileIron Core System Manager Guide.