You will always want to make sure that your client certificate is indeed trusted by your MobileIron Sentry. This trust is required when apps access your intranet via the MobileIron Sentry tunnel.
Your MobileIron Sentry must be resolvable and accessible over the internet.
Step 1: Generate a client certificate using the same Certificate Authority (CA) trusted by your MobileIron Sentry. See below how to locate the trusted CA in your MobileIron Core:
Step 2: Export the client certificate as a P12/PFX file
Step 3: Import your P12/PFX file into your browser (PC/Mac)
Step 4: Navigate to your MobileIron Sentry URL over HTTPS (e.g. https://my.sentry.com)
Step 5: The browser will ask for a client certificate to be used to connect to the MobileIron Sentry, please select your imported client certificate from the list.
If the browser continues to the next step your client certificate is trusted by the MobileIron Sentry. Otherwise, it is not trusted.
- Optional test: You can openssl command line tool to verify the certificate:
openssl s_client -cert your_certificate.pem -key your_certificate_key.pem -connect your_sentry_url:443 -debug