HTTP/HTTPS

HTTP is the foundational application protocol for transmitting hypermedia documents on the web, while HTTPS is its secure variant that encrypts communication using TLS/SSL.

What to Know

HTTPS is absolutely non-negotiable for MDM operations. All device-to-server communication, including enrollment, command execution, inventory reporting, and profile delivery, occurs over HTTPS to protect sensitive data from interception. MDM servers must present valid TLS certificates trusted by devices, and certificate validation failures will prevent enrollment and block management commands. The shift from HTTP to HTTPS across the entire Apple ecosystem means modern devices enforce HTTPS connections through App Transport Security (ATS) policies that reject insecure HTTP connections by default.

Certificate validity, proper hostname matching, and trusted certificate authority chains are prerequisites for MDM functionality. Organizations must maintain valid certificates, renew them before expiration, and ensure intermediate certificates are properly configured. HTTPS also provides authentication — devices verify they’re connecting to the legitimate MDM server, and mutual TLS can authenticate devices to the server using client certificates.

Common Scenarios

Enterprise IT: Corporate MDM servers require valid HTTPS certificates from trusted CAs or properly deployed internal CAs with root certificates distributed to devices. IT must monitor certificate expiration and coordinate renewals to prevent service outages. Load balancers and reverse proxies must be configured to properly terminate HTTPS connections while preserving client certificate authentication if used. Certificate errors are among the most common causes of enrollment failures and check-in issues.

MSP: MSPs must manage HTTPS certificates for hosted MDM infrastructure and ensure proper certificate coverage for all client-facing domains. Wildcard or SAN certificates simplify management when hosting multiple client instances. MSPs should implement automated certificate renewal through services like Let’s Encrypt or enterprise certificate management platforms. Client-specific custom domains require coordination with client DNS and certificate provisioning processes.

Education: Educational institutions must ensure MDM server certificates are valid and trusted by student devices, including personal BYOD devices that may not trust internal CAs. Public CA certificates simplify deployment but require annual renewal and cost considerations for large deployments. School networks with SSL inspection proxies must exclude MDM traffic to prevent certificate validation failures that break enrollment and check-ins.

In Addigy

Addigy’s cloud-based MDM infrastructure handles all HTTPS certificate management automatically, using industry-standard certificates trusted by all Apple devices. Administrators do not need to manage certificates, configure web servers, or troubleshoot TLS issues — Addigy’s infrastructure maintains valid certificates and secure HTTPS endpoints. Addigy enforces HTTPS for all API access, web console access, and device communication.

For organizations connecting Addigy to internal services (LDAP, SCIM, webhooks), admins must ensure those endpoints use valid HTTPS certificates or explicitly configure trust relationships. Addigy’s platform provides visibility into connectivity issues and certificate validation failures during integration setup, helping admins troubleshoot HTTPS-related problems with external services.