The Register has an article on an important but often overlooked aspect of iPads in business. Users want them working, all the time.

My iPad is more robust than most of the appliances in my kitchen never mind an enterprise data centre... As a result of this turnaround, the role of an IT architect has got even harder, especially in the small- and mid-enterprise sectors where arguably the pace of IT change has never been faster and the lack of IT governance has never been lower

Have you noticed this too?

We use x509 TLS certificates as part of our authentication to activesync. When the certificate renews, the way this works is the profile is removed from the device and re-added with the new credential.

Unfortunately, this means that the activesync account settings are reset to defaults (folders to sync, days, etc) as well as if the user had set the activesync as default account for mail, calendar, contacts.

Under the principle of least surprise, I'd like to force the activesync accounts to be default when provisioning or renewing. I haven't found any way of doing this with the standard AirWatch profile settings, so I was wondering if there's any MDM features I should be asking AirWatch for, or even if there's any custom XML that I can apply.

We have developed an enterprise app as add on to our backend system, which our customers can download from the app store. The app is not working standalone, but requires the corresponding server. Of course our customer don't want to allow their users to install all app updates we provide (~1 update every 2 month), since every release must go through a comprehensive testing process (with their customized backend system) before internal rollout. They either have a mdm solution in place, or have built up their own company app store. Due we are not developing this app for a single customer, we cannot hand out the ipa file. So my question is, how our customers can organize their deployment process to prevent/control updates via the app-store? I really hope you can help me!! THANKS

We have a field team of reps that visit retail stores. They are issued an iPad Mini to conduct their reports in the field. We would like to give the District Managers the ability to share their screen with their employees (between 30 and 40 people) to conduct trainings. We will at times need to share documents which I know there are lots of solutions, i.e. Join.Me Pro, but what we really need to be able share the actual screen so we can train them on how to access and fill out the call reports that they will use.

I am having a challenge finding a solution that will allow us to share our iPad screen with 30 to 40 people at once on their PCs or iPads where they can actually watch us using iPad Apps.

It would also be a bonus if this would allow the District Manager to also view an employee's iPad screen to help trouble shoot or answer an individual's question. This only has to share with one or two others at most.

Any suggestions?

Hi all,

I'm trying to understand how iOS deals with certificates and I'm wondering if anyone can explain a few things to me. I'm working on a system that would provide users with a personal identification certificate for authentication to various services (email, Wi-Fi, websites, etc.) via a configuration profile. Profile creation isn't a problem, but in testing website authentication, it seems that iOS (or Mobile Safari) requires me to provide the CA certificates that should already be on the device.

Here is the certificate chain that my colleague provides me with when I get the user's cert:

AddTrust External CA Root
 ↳ UTN-USERFirst-Client Authentication and Email
    ↳ InCommon Standard Assurance Client CA
       ↳ User's personal certificate

At first, I added the certificate as a single payload of type com.apple.security.pkcs12 with all the CA certificates in the chain included in the p12 data blob. This didn't seem to work since I'd get a warning from MobileSafari in the console log:

no itentities, but we have a challenge <NSURLAuthenticationChallenge: 0x1ddccd90>

Along with the following dialog in the browser:

This website requires a certificate
The required certificate is not installed.
Dismiss

The server's ssl_error_log reported:

Re-negotiation handshake failed: Not accepted by client!?

So I tried breaking out the certs into individual payloads. According to this article, iOS 5 and 6 has "AddTrust External CA Root" and "UTN-USERFirst-Client Authentication and Email" preinstalled and I shouldn't have to install them again. So I just included "InCommon Standard Assurance Client CA" and the user's cert as two separate payloads (of types com.apple.security.pkcs1 and com.apple.security.pkcs12 respectively), but that didn't work. I was only able to get it to work if I installed the entire cert chain (using com.apple.security.root as the payload type for the root cert).

Why is that? Shouldn't it already know about the two CAs? I can understand adding the "InCommon" CA since it's not preinstalled, but It seems strange that I have to explicitly provide the other CA certs.

FWIW, I've found out that there are at least three versions of "UTN-USERFirst-Client Authentication and Email":

Intermediate CA (expires Saturday, May 30, 2020 6:48:38 AM EDT)
Intermediate CA (expires Sunday, December 31, 2028 6:59:59 PM EDT)
Root CA (expires Tuesday, July 9, 2019 1:36:58 PM EDT)

The root version is the one preinstalled in iOS. When I evaluate the user's cert with the Certificate Assistant in OS X, the cert status is good no matter what chain it uses, but could this multiple CA certs thing be an/the issue?