|
Specifies whether services other than the Device Enrollment Service (DES) and the re-directed file server that uses DES use the embedded public root CA certificates.
DES always uses the embedded public root CA certificates. The re-directed file server that uses DES uses the embedded public root CA certificates if DES did not provide a private CA.
If DES provides a private CA, the embedded public root CA certificates are ignored (however, if DES is re-triggered from the admin menu and DES provides a private CA, the embedded public root CA certificates are used according to ENABLE_PUBLIC_CA_CERTS).
For the rest of the services, this parameter controls whether the embedded public root CA certificates are used in addition to the downloaded trusted certificates, or whether only the downloaded trusted certificates are used.
If DES did not provide a private CA, ENABLE_PUBLIC_CA_CERTS is set to "1" and cannot be changed. If DES provides a private CA, this parameter is configurable (in that case, TRUSTCERTS must include the DES private CA; otherwise the phone will not be able to re-connect to the re-directed file server).
When DES is not used, the parameter is fully configurable. If ENABLE_PUBLIC_CA_CERTS is "0" and there are no downloaded trusted certificates (TRUSTCERTS is ""), the phone trusts any HTTP/S file server for configuration and image download and fails with the rest of the services (PPM/SIP, AADS, etc.). If ENABLE_PUBLIC_CA_CERTS is "1" and/or TRUSTCERTS is not "", the service must have an identity certificate that can be validated using the embedded public root CA certificates (if ENABLE_PUBLIC_CA_CERTS is "1") or the downloaded trusted certificates (if TRUSTCERTS is not ""). In that case there is no exception for configuration and software file downloads from the HTTP/S file server.
|
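
The rules above can be checked before a settings change is rolled out. The following is an added example, not vendor code: `audit`, `Result` and the label `embedded-public-roots` are hypothetical names, TRUSTCERTS is assumed to be a comma-separated list of certificate file names, the DES private CA is assumed to be identified by file name, and the admin-menu re-trigger case is not modelled.

```python
from dataclasses import dataclass, field

@dataclass
class Result:
    effective_public: str                         # ENABLE_PUBLIC_CA_CERTS value actually in force
    anchors: list = field(default_factory=list)   # trust anchors for services other than DES
    findings: list = field(default_factory=list)  # conditions an administrator should review

def audit(des_used, des_private_ca, enable_public, trustcerts):
    """des_private_ca: file name of the CA that DES supplied, or None (assumed representation)."""
    downloaded = [c.strip() for c in trustcerts.split(",") if c.strip()]
    effective, findings = enable_public, []
    if des_used and des_private_ca is None:
        # DES gave no private CA: the parameter is fixed at "1".
        if enable_public != "1":
            findings.append("ENABLE_PUBLIC_CA_CERTS forced to 1 (DES supplied no private CA)")
        effective = "1"
    if des_used and des_private_ca is not None and des_private_ca not in downloaded:
        findings.append("TRUSTCERTS lacks the DES private CA: "
                        "phone cannot re-connect to the re-directed file server")
    anchors = (["embedded-public-roots"] if effective == "1" else []) + downloaded
    if not des_used and not anchors:
        # ENABLE_PUBLIC_CA_CERTS "0" and TRUSTCERTS "" without DES.
        findings.append("no trust anchors: any HTTP/S file server is trusted "
                        "for configuration/image download; other services fail")
    return Result(effective, anchors, findings)

if __name__ == "__main__":
    # Constructed sample settings: (des_used, des_private_ca, ENABLE_PUBLIC_CA_CERTS, TRUSTCERTS)
    cases = [
        (False, None, "0", ""),
        (True, None, "0", ""),
        (True, "des-private-ca.pem", "0", "corp-root.pem"),
        (True, "des-private-ca.pem", "0", "corp-root.pem, des-private-ca.pem"),
    ]
    for case in cases:
        print(case, "->", audit(*case))
```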