iOS 5 devices accept only SSL enrollment, you can use a commercial certificate or use an in-house issued one. A commercial certificate doesn't need to proceed with the steps below as the CA will be trusted on the device by default.
The in-house certificate should be created via a CA.
NB. Assuming you have Microsoft CA server in your environment.
1-Create a SSL certificate using CA server, the name of the certificate has to match the URL which the iOS device use for communication.
2- Configure the server name.
3- Automate the CA certificate installation on the iOS devices during enrollment.
a) Export the CA certificate.
b) Add the CA certificate to a payload to be installed during enrollment.
During the enrollment the CA certificate "credentials profile" will be installed before the MDM profile allowing the communication to be trusted successfully.
In case of absence of Microsoft CA server in your environment a following article will explain how to use OpenSSL to create a CA certificate and a web server certificate.
Thanks Mina! This article is great to provide to customers.
Requirement with IOS device enrollment is to use Domain Signed or External SSL certificate. KB as below:
http://www.symantec.com/docs/TECH185013