I was wondering if anybody has any information around how certificates are handled in iOS and what iCloud retains?
In our environment we have an MDM solution which deploys certificate based ActiveSync and VPN profiles as well as other policies. We also have to manually install our internal root/intermediate certificates on the device which are required for the in-house iOS web apps and the Active Directory chain of trust over the MDM automated VPN.
Two things -
1) We discovered that in some cases one or two of the profiles would fail to install and after much troubleshooting it appeared to be solved by doing the following workaround steps -
Installing the manual certificates, re-booting the device, removing them cleanly, rebooting again and re-enroll the device to successfully bring down the profiles.
It also seems to suggest that the iCloud backup retains remnants of the certificates even when they are not present which comes down to the device or a new device but not sure how? e.g. If it's a fresh new device it was always work 100%.
2) Are you aware of what tools can be used to deploy these certificates over the air automatically?
Any advice greatly appreciated.
i dont have an answer for you but why not use your MDM to deploy your internal certs? no need to worry about iCloud at that point.