MDM Server certificate to be used for SSL handshake

Published 2020-02-24 05:20

Question:

I am trying to perform SSL Handshake between the iPhone device and my MDM Server. I have used iPhone configuration Utility (iPCU) and configured SCEP and MDM. SCEP works fine, the device receives the issued certificate from the CA.

In the MDM Payload, I have used the subject of the APNS certificate in the topic and entered the server IP with port 1234. As an identity, I have used the identity of the SCEP Certificate.

The iPhone generates the key and enrolls successfully, but then, when it tries to install the profile by contacting the MDM server, I receive this error in the iPCU console: The server certificate for https://[IP here]:1234 is invalid

My MDM Server application, which is programmed using C#.NET, complains: AuthenticationException: the SSPI has failed because the context has expired and can no longer be used. So my question is, what certificate should I have on my MDM server: is it the MDM certificate received from the iOS Provisioning Portal, the Apple push certificate of the customer, or the certificate of the SCEP server?

If someone could answer this question, I would be really grateful, as I have spent hours and I can't figure it out.

Answer 1:

When an iOS device is registering with your MDM service, it needs to know it is talking to the correct server. Your MDM server's SSL certificate helps it do this. This certificate is just like other web service certificates and will have as its CN (common name) the name used in the URL that the iOS device uses to enroll in your MDM service. For example, if the MDM enrollment URL is https://mymdmservice.mydomain.com the CN would be mymdmservice.mydomain.com.

The MDM service's certificate signing chain needs to be recognized by the mobile device. In particular, you could use any certificate issued by one of the usual registrars (e.g., Verisign or Comodo).

You can use a self-signed certificate, but you would have to add it to the device's trusted root certificate store (see http://fixmyitsystem.com/2012/01/install-corporate-pki-root-ca-on-ios.html).
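The answer's two conditions, a name on the certificate that matches the enrollment URL and a signing chain the device trusts, are exactly what the device checks before it accepts the server. The following is an added diagnostic, not code from the question, the answer, or any MDM product: it applies RFC 6125 hostname matching (SAN entries preferred over CN, wildcard only as the whole leftmost label, IP literals matched only against IP SANs) to the dictionary Python's `ssl` module returns for a peer certificate, and `probe_mdm_server` separates "chain not trusted" from "name does not match" when pointed at a live server. The hostname `mymdmservice.mydomain.com` comes from the answer; the port, the `cafile` parameter and the sample certificate dictionary are constructed for illustration.

```python
import ipaddress
import socket
import ssl
from typing import Iterable, List, Optional, Tuple


def _dns_pattern_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125 style match: exact, or a single '*' as the entire leftmost label.
    The wildcard never spans a dot, so '*.mydomain.com' does not match 'a.b.mydomain.com'."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    suffix = pattern[1:]                      # ".mydomain.com"
    if not hostname.endswith(suffix):
        return False
    leftmost = hostname[: -len(suffix)]       # label that the '*' must cover
    return bool(leftmost) and "." not in leftmost


def _is_ip_literal(name: str) -> bool:
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False


def hostname_matches(hostname: str, san_dns: Iterable[str], san_ip: Iterable[str],
                     common_name: Optional[str]) -> bool:
    """True if the certificate's names cover the name the client connected to.
    An IP literal (as in https://[IP]:1234) is matched only against IP SANs, never CN.
    When any DNS SAN is present the CN is ignored, as browsers and iOS do."""
    if _is_ip_literal(hostname):
        target = ipaddress.ip_address(hostname)
        return any(ipaddress.ip_address(ip) == target for ip in san_ip)
    san_dns = list(san_dns)
    if san_dns:
        return any(_dns_pattern_matches(p, hostname) for p in san_dns)
    return common_name is not None and _dns_pattern_matches(common_name, hostname)


def names_from_peercert(cert: dict) -> Tuple[List[str], List[str], Optional[str]]:
    """Extract DNS SANs, IP SANs and CN from the dict returned by SSLSocket.getpeercert()."""
    san_dns = [v for t, v in cert.get("subjectAltName", ()) if t == "DNS"]
    san_ip = [v for t, v in cert.get("subjectAltName", ()) if t == "IP Address"]
    cn = None
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                cn = value
    return san_dns, san_ip, cn


def probe_mdm_server(host: str, port: int, cafile: Optional[str] = None) -> dict:
    """Connect, verify the chain against the system store (or `cafile`, e.g. a
    self-signed root), then apply hostname matching separately so the two
    failure modes from the answer can be told apart. Performs real network I/O."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False                 # we match the name ourselves below
    ctx.verify_mode = ssl.CERT_REQUIRED        # chain must still be trusted
    try:
        with socket.create_connection((host, port), timeout=10) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return {"ok": False, "reason": "chain not trusted: " + exc.verify_message}
    san_dns, san_ip, cn = names_from_peercert(cert)
    if not hostname_matches(host, san_dns, san_ip, cn):
        return {"ok": False, "reason": "name mismatch",
                "san_dns": san_dns, "san_ip": san_ip, "cn": cn}
    return {"ok": True, "san_dns": san_dns, "san_ip": san_ip, "cn": cn}


# Constructed sample in getpeercert() layout: a certificate that would be
# valid for the enrollment URL used in the answer.
SAMPLE_PEERCERT = {
    "subject": ((("countryName", "US"),), (("commonName", "mymdmservice.mydomain.com"),)),
    "subjectAltName": (("DNS", "mymdmservice.mydomain.com"), ("DNS", "*.mydomain.com")),
}


if __name__ == "__main__":
    dns, ips, cn = names_from_peercert(SAMPLE_PEERCERT)
    print("sample cert matches enrollment host:",
          hostname_matches("mymdmservice.mydomain.com", dns, ips, cn))
    # Live check (hypothetical host/port/CA file):
    # print(probe_mdm_server("mymdmservice.mydomain.com", 1234, cafile="corp-root.pem"))
```

The split between chain trust and name matching is the point: an enrollment URL that uses a bare IP, as in the question, only passes the name check if the certificate carries that IP in a SAN, and a self-signed certificate only passes the chain check once its root is installed on the device, as the answer's link describes.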