Resolving communication issue between iOS 13 and Trend Micro Mobile Security for Enterprise LCS

    • Updated: 30 Aug 2019
    • Product/Version: Mobile Security For Enterprise 9.8
    • Platform: iOS All
Summary

Due to the new security requirements announced by Apple, Trend Micro Mobile Security (TMMS) users utilizing a Local Communication Server (LCS) and a self-signed certificate must apply this patch and perform certificate deployment as instructed in this article before upgrading the mobile device to iOS 13. If a mobile device has already been upgraded to iOS 13 before the patch is applied and the certificate deployment is performed, the user will need to re-deploy the TMMS iOS App.

Without a complying certificate, iOS 13 mobile devices will not be able to access the Transport Layer Security (TLS) server, install apps, or access websites in their Safari web browser. For more details, refer to this Apple article: Requirements for trusted certificates in iOS 13 and macOS 10.15.

These security requirements affect customers who:

  • use TMMS full version deployment mode
  • use a Local Communication Server (LCS) and a self-signed certificate
  • have enrolled iOS 12 or earlier devices

Below are the possible impacts of the updated security requirements:

  • All currently enrolled iOS 13 mobile devices that were upgraded from iOS 12 or a lower version will not be able to access the LCS anymore. Such mobile devices need to be re-enrolled after implementing the new security requirements.
  • New iOS 13 mobile devices will not be able to enroll to LCS.
Details

To resolve the issue:

  1. Install TMMS 9.8 SP2 Patch 1.
  2. Create a new directory named "NewCA" in the LCS.
  3. On the Communication Server root directory, copy the following files to the NewCA directory:
    • ccs.exe
    • CertConfigTool.exe
    • configuration.xml
    • gencert.bat
    • libeay32.dll
    • log4cxx.dll
    • mfc100u.dll
    • openssl.exe
    • openssl_gencert.cnf
    • ssleay32.dll
  4. On the NewCA directory, double-click CertConfigTool.exe to run the tool.
  5. Select Create a new self-signed certificate and then click Next.

    Create a new self-signed certificate

  6. Input the Common Name and Password, and click Next. The Common Name should be the same as the Local Communication Server setting, while the password has no requirement. Once completed, the new CA is generated.

    Use the existing Common Name and Password

  7. Copy tmmsmdm-ca.pem and rename it to tmmsmdm-ca.crt.
  8. Log into the TMMS web console and go to Administration > Certificate Management.
  9. Click Add and browse for the tmmsmdm-ca.crt file, then click OK. There is no need to enter a password.

    Add certificate

    Certificate Management

  10. Under Certificate Policy of Policy For Group, tick the Enable certificate deployment option.
  11. Import TMMSMDM-CA, which was added in Step 9.

    Import TMMSMDM-CA

  12. Save the policy. The policy will then be deployed to all iOS devices.
  13. Make sure the certificate policy is deployed successfully.
    1. Go to Settings > General.
    2. Select Device Management.
    3. Click MDM Enrollment Profile and click More Details.
    4. Verify that the iOS device shows two (2) entries of "TMMSMDM-CA" certificates. One is for 1024-bit and another is for 2048-bit.

    Verify the two copies of TMMSMDM-CA

  14. Before the new CA is deployed to all enrolled iOS 12 devices, do NOT upgrade to iOS 13 and do NOT proceed to Step 15. If you proceed to Step 15 anyway, enrolled devices on iOS 12 and below that have not successfully received the new CA will no longer be able to communicate with the TMMS server and will need to be re-enrolled.
    Once the new CA is deployed, upgrade the iOS 12 devices to iOS 13. After the upgrade, iOS 13 devices still cannot enroll successfully; proceed to the following steps.
  15. When the upgrade is complete, back up the following files located in the Communication Server root directory:
    • communication-server-cert.p12
    • tmmsmdm-ca.pem
    • ca directory
    • configuration.xml
  16. Copy the following files from the NewCA directory and paste them to the Communication Server root directory, to replace the old ones:
    • communication-server-cert.p12
    • tmmsmdm-ca.pem
    • ca directory
    • configuration.xml
  17. Restart the Mobile Security Communication Server service first, and then restart the Mobile Security Management Module Service after.
  18. The enrolled iOS 13 devices have not deployed the new CA yet. Re-enroll these devices.

The iOS 13 devices can now successfully communicate with LCS.
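
A pre-deployment check for the certificate generated in step 6, as an added example that is not part of the original article or of TMMS: it tests a certificate against the rules in the Apple article referenced above (RSA key of at least 2048 bits, SHA-2 signature, and for TLS server certificates a subjectAltName, plus serverAuth EKU and a validity of at most 825 days when issued after 1 July 2019). The function name `Test-Ios13CertCompliance` is hypothetical.

```powershell
# Added example: checks a certificate against Apple's iOS 13 / macOS 10.15 rules.
# Test-Ios13CertCompliance is a hypothetical helper name, not part of TMMS.
function Test-Ios13CertCompliance {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [switch]$TlsServer   # also apply the rules for TLS server (leaf) certificates
    )
    $findings = @()

    # RSA keys must be at least 2048 bits.
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($Cert)
    if ($rsa -and $rsa.KeySize -lt 2048) {
        $findings += "RSA key is $($rsa.KeySize) bits; 2048 or more required"
    }

    # The signature must use a SHA-2 family hash (SHA-1 and MD5 are rejected).
    $sigAlg = $Cert.SignatureAlgorithm.FriendlyName
    if ($sigAlg -match 'sha1|md5') {
        $findings += "Signature algorithm '$sigAlg' is not SHA-2"
    }

    if ($TlsServer) {
        # The server DNS name must be in subjectAltName (OID 2.5.29.17); CN alone is not trusted.
        $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        if (-not $san) { $findings += 'No subjectAltName extension' }

        # Certificates issued after 1 July 2019 need EKU serverAuth and validity <= 825 days.
        if ($Cert.NotBefore -gt [datetime]'2019-07-01') {
            $eku = $Cert.Extensions |
                Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
            if (-not ($eku -and $eku.EnhancedKeyUsages.Value -contains '1.3.6.1.5.5.7.3.1')) {
                $findings += 'Extended Key Usage lacks id-kp-serverAuth'
            }
            $days = ($Cert.NotAfter - $Cert.NotBefore).TotalDays
            if ($days -gt 825) { $findings += "Validity is $([int]$days) days; 825 is the maximum" }
        }
    }
    [pscustomobject]@{ Subject = $Cert.Subject; Compliant = ($findings.Count -eq 0); Findings = $findings }
}

# Run from inside the NewCA directory after step 6, before importing the CA in step 9.
$caPath = (Resolve-Path '.\tmmsmdm-ca.pem').Path
$ca = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($caPath)
Test-Ios13CertCompliance -Cert $ca
```

To check the server certificate as well, load communication-server-cert.p12 with the two-argument `X509Certificate2` constructor (path and password) and pass `-TlsServer`.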

Category: Troubleshoot
Solution Id: 1123479