Post-installation checklist
After you’ve completed the installation here’s a list of things to verify to make sure your installation is working as expected.
Sign in
System Administrator
The system administrator can be used to create additional organizations.
You can sign in to BlueRange as system administrator using the credentials configured in the application.yml or environment variables.
relution:
system:
admin:
password: ''
email: ''SYSTEM_ADMIN_PASSWORD=""
SYSTEM_ADMIN_EMAIL=""For security reasons it is required to change the password after first login.
Organization Administrator
You can sign in to BlueRange as an organization administrator. If you’re using LDAP make sure you can sign in with at least one LDAP user account.
| Check | Result |
|---|---|
Sign in with a local account is possible |
|
Sign in with an LDAP account is possible |
For security reasons we strongly recommend to change the password after first login.
Certificates
Make sure you can connect to BlueRange using its external hostname. Mobile devices can be more strict when it comes to SSL certificate validation. Even if your desktop browser shows a valid HTTPS connection devices may reject the connection if some things are not configured correctly. We highly recommend the use of SSL Labs to verify that everything is set up correctly.
| Check | Result |
|---|---|
You can open https://${hostname} in a browser |
|
Browsers show a secure connection (Chrome, Edge, Firefox, Safari) |
|
SSL Labs reports no errors or warnings |
Common issues:
-
Incomplete certificate chain (missing intermediate certificates). Chrome, Firefox, etc. may ignore this but mobile devices may refuse to sign in
-
The reverse proxy uses Server Name Indication (SNI). This is not supported by some older Android versions. As a workaround, make sure the MDM server’s certificate is the first one that is returned.
Mobile devices refuse the certificate
Possible cause
-
The certificate chain may be incomplete. An incomplete chain is ignored by most desktop browsers but can lead to errors on mobile devices.
Corrective actions
-
Use https://www.ssllabs.com/ to verify whether your SSL certificate is set up correctly. It takes about 5 minutes for the test to complete. Fix any issues that are reported.
Database backups
Make sure you have a working database backup. This is essential in case of a hardware failure or when an update goes wrong.
| Check | Result |
|---|---|
BlueRange’s database is included in automated backups |
|
You can restore the database (to another machine) |
Knox Mobile Enrollment
Make sure you do not change your SSL certificate after you’ve created a profile on Samsung’s portal. The profile sent to the mobile device includes the certificate that Samsung found at the time the profile was created. The mobile device will refuse connection if the server returns a different certificate other than the expected one.
After you’ve changed your certificate (i.e. expiration) make sure to recreate the profile(s) before you attempt to enroll new devices.
Latest BlueRange Client Apps
We always recommend to use the BlueRange apps for iOS and Android from the public app stores which can be found here:
If you want to use the enterprise version of our Android app directly in BlueRange, you can find it at Android.
Support
For support purposes you may want to allow remote access to your BlueRange server. Consider enabling or installing remote access software like Remote Desktop, SSH or TeamViewer. For the best possible security we recommend the use of SSH with key-based authentication. Consider using a separate user account for support personnel (i.e. for security audit purposes). Support typically requires read and write access to BlueRange’s installation directory and the ability to restart the BlueRange service.