gmanjohal
Enthusiast
Enthusiast

Product Provisioning / Android FTPS

Hi all, 

I'm in the middle of setting up an FTPS Relay server to provision and manage our rugged Android estate (we're a Zebra house), however I'm wondering if the following is true, and if possible any workarounds:

Essentially in order for the device to connect to the relay server, it requires a cert (ftps), I'm told if we go down the self-signed certificate route, I would need to first enable the Android keystore & then transfer the certificate prior to enrolment, then begin provisioning. To me this seems surreal as to secure the device for provisioning, I'd need to transfer the cert from a 'non-secure' ftp server. 

 

Second option would be to use a public cert, as the Trusted keystore on the device should automatically trust the cert due to having it's root CA already installed, however Zebra wouldn't confirm this would be 100% possible. 

 

I don't really want to buy a certificate to be in the same situation if I had just used a self-signed cert, any advice?

Labels (1)
0 Kudos
2 Replies
Kjaspreet
VMware Employee
VMware Employee

Hello! 

Information on how to configure a Relay Server in the Airwatch Console for product provisioning is available in this KB article. 

Additional information is also available in this article. 

Thank you. 

Jaspreet

 

0 Kudos
gmanjohal
Enthusiast
Enthusiast

Thanks Jaspreet, 

it's more to do with the Stage Now product, Zebra have advised to use SN to transfer the internal cert to the scanner first, as that will allow connection to the relay server which is using an internal cert, the problem is the security around using SN in passive mode to transfer the cert initially, I was wondering if anyone had come across a secure way of doing this and not using ftps. 

0 Kudos