I'm trying to deploy a mobile configuration for a number of iPhones. The mobile configuration only includes PKCS12 for the client certificate authentication and the configuration of the MS Exchange Active Sync Server.
I have an older ".mobileconfig", we've previously used and I have one with the same data, but generated by the current "Apple Configurator 2" from the App Store.
The old.mobileconfig crashes without any further info, on the last step, after the user password for the Active Sync has been entered on iOS 13.4.1 but works perfectly fine on iOS 13.2.2 (both iPhone SE).
With the new.mobileconfig, the setup finishes just fine and the profile is set up on the client, but it fails to connect to the sync server with the client certificate, both on iOS 13.4.1 and iOS 13.2.2.
Upload for "Additional Text" keeps failing for me on here, so I'll attach a redacted version of both configuration files like so:
old.mobileconfig: https://pastebin.com/X8Q0U90M
new.mobileconfig: https://pastebin.com/bLs2wBcS
My patience grows thin with this setup, so I am asking for help here.
What is the issue with my mobileconfigs, how can I correctly generate/adjust the mobileconfig to have our iPhones connect to our Active Sync server with client certificate authentication?
Best Answer
As I have identified, the issue was that the current iOS versions (13.4.1, iOS 13.4.5BETA) have a bug, where iOS can not use client certificate authentication.
It seems like this was finally fixed in the iOS BETA 13.5 (17F5065a).
With the client certificate authentication working again, the setup worked on the newer iOS version.