Troubleshoot Invalid MDM Profiles
Overview
When users on Apple devices receive the message Invalid MDM Profile after clicking the activation link, the cause is typically an SSL certificate issue. This guide shows the most common reasons and how to solve them.
Cause Option 1: Faulty Certificate Import
First, check the Silverback logs by pressing the Log button next to your administrative username. If you see the entry "Log Entry Keyset doesnt exist = Certificate install in wrong way", check how the SSL certificate was imported. The best way is to import it directly with the Silverback SSL Certificate Tool or with mmc. Do not import it by double-clicking the file in the Download folder.
Cause Option 2: Missing Network Service
Check whether Network Service has access to the private key of the SSL certificate: right-click the certificate, select All Tasks, then Manage Private Keys. Ensure that Network Service has read permission.
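The checks from Cause Options 1 and 2 can also be scripted. The following PowerShell is an added example, not part of the Silverback documentation. It assumes the certificate is in the LocalMachine\My store, that its private key is a software key under the default ProgramData paths, and that the session is elevated; the thumbprint is a placeholder.

```powershell
# Added example. Placeholder thumbprint; the LocalMachine\My store is an assumption.
$Thumbprint = '<THUMBPRINT-OF-PROFILE-SIGNING-CERT>'
$cert = Get-Item -Path "Cert:\LocalMachine\My\$Thumbprint" -ErrorAction Stop

if (-not $cert.HasPrivateKey) {
    throw "Certificate $Thumbprint has no private key; re-import it together with its key."
}

# Opening the key fails when the key container is missing or cannot be read.
try {
    $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
} catch {
    throw "Private key cannot be opened: $($_.Exception.Message)"
}
if ($null -eq $rsa) { throw 'Certificate does not carry an RSA key.' }

# CNG keys surface as RSACng, legacy CSP keys as RSACryptoServiceProvider.
if ($rsa -is [System.Security.Cryptography.RSACng]) {
    $keyName  = $rsa.Key.UniqueName
    $provider = $rsa.Key.Provider.Provider
} else {
    $keyName  = $rsa.CspKeyContainerInfo.UniqueKeyContainerName
    $provider = $rsa.CspKeyContainerInfo.ProviderName
}

# Machine key files live in one of these two folders, depending on the provider.
$keyFile = "$env:ProgramData\Microsoft\Crypto\Keys", "$env:ProgramData\Microsoft\Crypto\RSA\MachineKeys" |
    ForEach-Object { Join-Path $_ $keyName } |
    Where-Object { Test-Path -LiteralPath $_ } |
    Select-Object -First 1
if (-not $keyFile) { throw "Key file for container '$keyName' not found in the default folders." }

# Network Service is the well-known SID S-1-5-20; comparing SIDs avoids localized account names.
$read  = [System.Security.AccessControl.FileSystemRights]::Read
$rules = (Get-Acl -LiteralPath $keyFile).GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
$allow = $rules | Where-Object {
    $_.IdentityReference.Value -eq 'S-1-5-20' -and
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $read) -eq $read
}

[pscustomobject]@{
    Subject               = $cert.Subject
    Provider              = $provider
    KeyFile               = $keyFile
    NetworkServiceCanRead = [bool]$allow   # only Allow rules are evaluated here
}
```

The Provider value in the output also shows whether the key is held by a CNG or a legacy CSP provider, which is the distinction Cause Option 5 deals with.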
Cause Option 3: Certificate is not selected
Log in as Settings Administrator and navigate to Payload. Ensure the right certificate is selected as Profile Signing Certificate. Restart IIS if you had to change the certificate.
Cause Option 4: Signature Algorithm
In rare cases, there might be an SQL issue, which can be fixed by executing the following SQL statement:
update WebSettings set Value = 'SHA1WithRSAEncryption' where [key] = 'SignatureAlgorithm'
Cause Option 5: Certificate Conversion
If nothing has helped so far, try converting the certificate's private key from the CNG to the RSA format using OpenSSL:
openssl rsa -in MyCert.key -out MyCert-rsa.key