Dealing with the Apple Server MDM, we have recognized five (possibly different) certificates:
- services protected by certificate (in common, or separated):
- open directory protected by certificate (#1),
- profile manager protected by certificate (#2),
- apple school manager: identity certificate (#3),
- device communication: apple push messages (#4),
- configuration profiles: code signing certificate (#5).
The certificate #4 is available via apple push certificates portal (bound to an Apple-ID). All others can be retrieved by a generic CA - not really related to an Apple-ID.
In fact, the certificate number #2 will be visible on the Web UI and should be matching the official hostname.
What about the other certificates: Any hints how to deal with the four different certificates? Are there any reasons to use distinct certificates ?