Troubleshooting Server & CURL Errors

Hyperspace runs on a LINUX server.  We can host Hyperspace for you or you can procure your own server and run Hyperspace inside your network.

Apple Device Enrollment uses a proprietary Apple certificate (provided by Apple) and CURL to authenticate and send web service requests to the Apple Device Enrollment server. There are several configuration requirements for Hyperspace Apple Device Enrollment for the server. If your IT department has recently upgraded your server or if you are installing Hyperspace Apple Device Enrollment on your own server, it is important to note the following:

OPEN SSL

API calls to Apple Device Enrollment are initiated using CURL with OPEN SSL.  Run a php.info check on your server to make sure that PHP is still using Open SSL.

Screen_Shot_2018-08-24_at_8.13.20_PM.png

Screen_Shot_2018-08-24_at_8.13.36_PM.png

SELinux

Linux is regarded as one of the most secure operating systems you can use today, that is because of its illustrious security implementation features such as SELinux (Security-Enhanced Linux).  SELinux feature or service is enabled by default on most servers.

Please ask your IT department to disable SELinux temporarily and see if that addresses the issue.

Security restrictions in SELinux may be disabling outgoing calls to your Point of Sale or Apple.

Screen_Shot_2018-08-24_at_8.16.43_PM.png

We recognize that we cannot force clients to disable SELinux permanently, but often running this test will expose the issue. This will let you know if Apache has the proper permissions to read the Apple Private Key and Certificate.

If you are unsure how to disable SELinux temporarily, login to your server via SSH and run this command: setenforce 0

You can reference this article which shows how to disable SELinux temporarily until the next reboot or how to permanently disable it.

https://support.plesk.com/hc/en-us/articles/213947705-How-to-disable-SELinux-on-the-server

If there are no CURL errors when SELinux is disabled the issue is most likely your Apache permissions.

To permanently disable SELinux, you can run the following commands:

vi /etc/selinux/config
update SELINUX= enforcing to SELINUX=permissive 

3. If your server is running a proxy, make sure that Apache and PHP are configured to use your proxy. It is always a good idea to run a CURL test via SSH. For example, run this command via SSH:  curl https://www.google.com

90% of the time the issue is related to Apache and allowed permissions to read the Apple private key and Apple certificate.

Apple Firewall Connectivity

To check to see if your server is able to reach Apple's endpoint. You can also run this curl command to check if your firewall can communicate with Apple.

curl -G "https://api-applecareconnect.apple.com/system-service/1.0/check-liveness"

If you get a result of 0, the test was successful.

 

 

 

Was this article helpful?
0 out of 0 found this helpful