I'm in the middle of setting up an FTPS Relay server to provision and manage our rugged Android estate (we're a Zebra house); however, I'm wondering if the following is true, and, if possible, any workarounds:
Essentially, in order for the device to connect to the relay server, it requires a cert (FTPS). I'm told that if we go down the self-signed certificate route, I would need to first enable the Android keystore and then transfer the certificate prior to enrolment, then begin provisioning. To me this seems surreal, as to secure the device for provisioning I'd need to transfer the cert from a 'non-secure' FTP server.
The second option would be to use a public cert, as the Trusted keystore on the device should automatically trust the cert due to having its root CA already installed; however, Zebra wouldn't confirm this would be 100% possible.
I don't really want to buy a certificate only to be in the same situation as if I had just used a self-signed cert. Any advice?
It's more to do with the Stage Now product. Zebra have advised to use SN to transfer the internal cert to the scanner first, as that will allow connection to the relay server, which is using an internal cert. The problem is the security around using SN in passive mode to transfer the cert initially. I was wondering if anyone had come across a secure way of doing this and not using FTPS.