Basic concept of enrollment certificate RRS feed

  • Question

  • Hello,

    I'm developing MDM Enterprise Server in Java. I almost complete everything, but I don't understand concept of enrollment certificate. I'm newbie in Microsoft Technlogies, but I've read and watched almost everything about MS-WSTEP and I understand this protocol, but I don't understand why I need this enrollment certificate.

    Now I have three types of certificates: SSL certificate, application certificate from Symantec, and certificate for enrollment.

    SSL certificate is protecting my connection between "workplace" and Discovery/Enrollment/OMADM server.

    Symantec certificate is protecting my company apps.

    And the third cartificate is self-signed, root certificate made with open-ssl, used only to make and sign request during enrollment step. How could I use this certificate later? Why do I need this certificate? I don't even need this certificate to connect to my server - workplace is connecting to my server even if this certificate expires.

    The secend question is - why ROBO is failing with my certificate after discovery step? It doesn't change anything for now, but it's terrifying. Is the root certificate instaled during enrollment (if I put it into root certificate section) or I have to install it during DM session later? 

    Tuesday, August 12, 2014 7:47 PM

All replies

  • I also would like to know what the enrollment certificate is used for. We are nearing completion of our Windows DM integration and it appears that this certificate is never used once created. Why is it needed?
    Monday, January 11, 2016 4:07 PM