MDM profile can't be downloaded

1 users found this article helpful

Symptoms

MDM profile isn't installed.

pma_agent.log:

01-20 11:43:16.080 I /MacAgentUtils:71:9a1f/ Installing MDM profile from 'https://xxx.yyy/profile'
01-20 11:43:16.218 W /MacAgentUtils:71:9a1f/ /usr/bin/curl failed:
000
curl: (60) SSL certificate problem: unable to get local issuer certificate
01-20 11:43:16.218 W /MacAgentUtils:71:9a1f/ Exception: impl/MdmEnroller.cpp(264): Throw in function QByteArray (anonymous namespace)::download_profile(QUrl, QByteArray)
Dynamic exception type: boost::exception_detail::clone_impl<boost::exception_detail::error_info_injector<std::runtime_error> >
std::exception::what: /usr/bin/curl failed
01-20 11:45:00.945 I /Std:71:307/ Entering state 'Discovery'
01-20 11:45:00.981 D Install /MacMdmProfileAgent:71:307/ Profile 'com.apple.mdm.xxx.yyy.6f73bf10-5a10-0137-a456-701898eb8ec4.alacarte' is not installed
01-20 11:45:00.981 D Install /MacMdmProfileAgent:71:307/ Is compliant? NO
01-20 11:45:00.981 I /Std:71:307/ Exiting state 'Discovery'
01-20 11:45:00.981 I /Std:71:307/ Entering state 'Remediation'
01-20 11:45:01.262 I /Std:71:307/ Exiting state 'Remediation'
01-20 11:45:01.262 I /Std:71:307/ Entering state 'Validation'
01-20 11:46:13.799 I /Std:71:307/ Exiting state 'Validation'
01-20 11:46:13.799 I /Std:71:307/ Entering state 'Complete'
01-20 11:46:13.799 I /MacMdmProfileAgent:71:307/ Completed with status: Non-Compliant

Cause

MDM server was configured with a certificate that is self-signed or originated from Enterprise CA.
curl refuses connection to such servers: https://curl.haxx.se/docs/sslcerts.html

Resolution

Please issue the certificate for MDM server from one of the usual registrars, such as Verisign or Comodo.
The certificate is a regular SSL certificate for a web server. Its CN (common name) has to be the same as the name used in the URL that Mac uses to connect to the Parallels MDM Server. The certificate must be a PFX file with the private key in RSA format.

Once you have a valid certificate, please reconfigure the MDM server using this certificate:

 

Was this article helpful?

Tell us how we can improve it.