This section describes the information required to configure Mobile Device Management (MDM) products to enroll for a certificate using Certificate Enrollment Gateway. For information about using your MDM product, see your MDM product documentation.

Supported MDM authentication methods

Certificate Enrollment Gateway supports user name and password authentication with MDM products. You must configure at least one user name and password credential in the MDM product.

All user name and password credentials that Certificate Enrollment Gateway will use to authenticate to the MDM product must be specified in the Certificate Enrollment Gateway configuration. For details, see Configuring and deploying Certificate Enrollment Gateway.

Adding the CA certificate chain to the MDM product

MDM products must trust the CA certificate chain for the Certificate Enrollment Gateway TLS certificate. If the MDM product does not trust the CA certificate chain, the MDM clients will fail to establish a secure TLS connection to Certificate Enrollment Gateway. For instructions about adding certificates to your MDM product, see your MDM product documentation.

Issuing a signing certificate to the MDM product

Some MDM products may require a signing certificate to sign data being delivered to MDM devices. For instructions about adding certificates to your MDM product, see your MDM product documentation.

Enrollment URL for MDMWS clients

MDM products must use the following URL to communicate with Certificate Enrollment Gateway:

https://<CEG-server>/mdm/services/<tenant-ID>

Where:

  • <CEG-server> is the hostname or IP address of the Certificate Enrollment Gateway server.
  • <tenant-ID> is the unique identifier of a tenant defined in Certificate Enrollment Gateway. The value is case-sensitive.

For example:

https://cegserver.example.com/mdm/services/tenant1
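
A pre-flight check covering the CA certificate chain requirement and the enrollment URL format above. This is an added example, not part of the product documentation: it builds the MDMWS URL and performs a TLS handshake that trusts only the CA chain file you intend to add to the MDM product. Port 443, the PEM bundle file, the input checks and the function names are assumptions of this example.

```python
import socket
import ssl
import sys
from urllib.parse import urlsplit

def mdmws_url(ceg_server, tenant_id):
    """Return https://<CEG-server>/mdm/services/<tenant-ID>.

    The tenant ID is case-sensitive, so it is never lower-cased or normalized.
    Rejecting URL delimiters is an assumption of this example, not a product rule.
    """
    if not ceg_server or any(c in ceg_server for c in "/?#@ "):
        raise ValueError("CEG server must be a bare hostname or IP address")
    if not tenant_id or any(c in tenant_id for c in "/?# "):
        raise ValueError("tenant ID must be a single path segment")
    return f"https://{ceg_server}/mdm/services/{tenant_id}"

def check_chain(url, ca_bundle, timeout=5.0):
    """Handshake with the server in url, trusting only the PEM file ca_bundle.

    Returns (True, negotiated TLS version) or (False, reason).
    """
    parts = urlsplit(url)
    host, port = parts.hostname, parts.port or 443  # 443 assumed: the URL has no port
    # Passing cafile means the system trust store is NOT loaded, so only the
    # chain under test can validate the server certificate.
    ctx = ssl.create_default_context(cafile=ca_bundle)
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return True, tls.version()
    except ssl.SSLCertVerificationError as exc:
        return False, f"certificate verification failed: {exc.verify_message}"
    except OSError as exc:
        return False, f"connection failed: {exc}"

if __name__ == "__main__":
    # Usage: python ceg_preflight.py <CEG-server> <tenant-ID> <ca-chain.pem>
    server, tenant, bundle = sys.argv[1:4]
    url = mdmws_url(server, tenant)
    ok, detail = check_chain(url, bundle)
    print(url, "OK" if ok else "FAIL", detail)
    sys.exit(0 if ok else 1)
```

A verification failure here means the chain file is incomplete or wrong for this server, and MDM clients configured with it would fail the TLS connection in the same way.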