Mobile Device Enrollment Error: "Invalid Profile" or "Invalid Certificate"
Symptoms
-
"Invalid Profile"
-
A long message containing "Invalid Certificate"
Explanation
When enrolling a mobile device with Jamf Pro, trust is established to allow encrypted communication. If Jamf Pro fails to establish trust, enrollment fails and an error message with "Invalid Profile" or "Invalid Certificate" is displayed on the device.
-
The SSL certificate in Jamf Pro is self-signed
-
The CA certificate is not being installed on the device during enrollment
Resolution
-
Replace the web server certificate in Jamf Pro with the certificate from Jamf Pro's built-in CA.
-
Install a public certificate from a third-party CA.
If the root CA certificate is not being installed on the device during enrollment, ensure that this option is selected in Jamf Pro.
Replace the Web Server Certificate in Jamf Pro with the Certificate from the JSS's Built-in CA
Install a Public Certificate from a Third-party CA
See Enabling SSL on Tomcat with a Public Certificate for instructions.
Ensure that Users Install the CA Certificate During Enrollment
- Log in to Jamf Pro.
- Click Settings.
- Click Global Management.
- Click User-Initiated Enrollment.
- Click Edit.
- On the General pane, ensure that the Skip certificate installation during enrollment checkbox is NOT selected, and then click Save.