Hello SMC users,
If you manage iOS devices with Sophos Mobile Control (SMC), you may have to update your Sophos Mobile Control server certificate before 1 January 2017. This is due to Apple enforcing stricter rules on network security and requiring all apps to use HTTPS exclusively. As we always prioritize security, we welcome this move and consider it an important step to improve the security of the iOS platform.
On Apple platforms, a network security feature called App Transport Security (ATS) is available to apps to improve privacy and data integrity by ensuring an app’s network connections employ industry-standard protocols without known weaknesses. This helps instill user trust that the app does not accidentally leak transmitted data to malicious parties. ATS requires all iOS apps to use HTTPS for communication. The certificates used to secure the HTTPS connection must either be issued from a Certificate Authority (CA) trusted by iOS or installed manually before device enrollment.
Please see this article for more information about ATS.
What do I have to do?
If you use a self-signed certificate or a corporate CA-generated certificate for your Sophos Mobile Control server, you need to replace your Sophos Mobile Control server’s certificate with one that is externally trusted before 1 January 2017. If you don’t update your server certificate, you will not be able to enroll any further iOS devices from this date.
How do I do that?
Replacing your Sophos Mobile Control server certificate is easy! Check out this video overview to updating your SMC certificate. More information can also be found in the article How to update Sophos Mobile Control server SSL certificate.
Once you upload this certificate into the server, how do you push it to all the phones? Might be helpful for those who started with a self signed certificate.