Purchase third-party trusted certificates
MobileIron recommends using third-party certificates as follows:
- Trusted TLS/SSL certificates for MobileIron Core and Standalone Sentry:
  - Core Portal HTTPS: External hostname of the Core server. Allows a client (such as a browser or app) to trust MobileIron Core over ports 443 and 8443. You must use a publicly trusted certificate from a well-known Certificate Authority if you are using mutual authentication.
  - Sentry: External hostname of the Sentry server. Multiple Sentries behind a load balancer will use the same external certificate. Allows a device to trust the Standalone Sentry.
- Trusted TLS/SSL certificates for device enrollment:
  - iOS Enrollment: External hostname of the Core server. In most cases, the certificate will be the same as the Core Portal HTTPS certificate. Core uses this identity certificate to sign the Apple MDM configurations that it sends to iOS and macOS devices.
  - Client TLS: External hostname of Core, often the same as the Core Portal HTTPS certificate. Allows Mobile@Work for iOS and Android to trust MobileIron Core over port 9997 or port 443.
Note the following:
- Obtain these certificates in advance to ensure appropriate lead time.
- Typically the Portal HTTPS, iOS Enrollment, and Client TLS certificates are the same certificate. However, you can use different certificates. MobileIron recommends using separate certificates for different use cases.
For more information, see “Certificates you configure on the System Manager” in the MobileIron Core System Manager Guide.
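Before uploading purchased certificates, it helps to confirm that each file names the external hostname for its use case and is not close to expiry. The following script is an added example, not part of the MobileIron documentation; the function names are hypothetical, and `make_sample_cert` only builds a constructed, self-signed test certificate so the checks can be tried offline (it assumes OpenSSL 1.1.1 or later for `-addext`).

```shell
#!/bin/sh
# Added example: pre-install checks for certificate files received from the CA.

# check_cert CERT_PEM HOSTNAME [MIN_DAYS]
# Returns 0 = OK, 1 = certificate does not name HOSTNAME, 2 = expires too soon.
check_cert() {
    cert=$1 host=$2 min_days=${3:-30}
    # -checkhost reports its verdict as text, so match the positive message.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
            grep -q 'does match certificate'; then
        echo "FAIL $cert: does not cover $host"
        return 1
    fi
    # -checkend exits non-zero when the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) \
            >/dev/null 2>&1; then
        echo "FAIL $cert: expires within $min_days days"
        return 2
    fi
    echo "OK   $cert: covers $host, valid for more than $min_days days"
}

# check_plan CORE_HOST SENTRY_HOST PORTAL_PEM ENROLL_PEM CLIENT_PEM SENTRY_PEM
# Walks the four use cases listed above; pass the same file more than once
# when one certificate serves several use cases.
check_plan() {
    core=$1 sentry=$2 rc=0
    check_cert "$3" "$core"   || rc=1   # Core Portal HTTPS (ports 443, 8443)
    check_cert "$4" "$core"   || rc=1   # iOS Enrollment
    check_cert "$5" "$core"   || rc=1   # Client TLS (port 9997 or 443)
    check_cert "$6" "$sentry" || rc=1   # Standalone Sentry
    return $rc
}

# make_sample_cert OUT_PEM DAYS SAN_LIST
# Constructed test input only: a throwaway self-signed certificate.
make_sample_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -days "$2" -subj "/CN=constructed-sample" \
        -addext "subjectAltName=$3" 2>/dev/null
}
```

These checks cover naming and validity period only; whether the issuing CA is publicly trusted is a separate check (for example with `openssl verify` against the intended trust store).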