Managing Certificates

You can add, edit, or remove certificates and certificate bindings for SOTI MobiControl from the Certificates section of the SOTI MobiControl Administration Utility.

Note: Certificates generated in the SOTI MobiControl Administration Utility are pushed down to devices according to the device's update schedule.

The table below provides summaries of the main certificates present in the SOTI MobiControl Administration Utility.

Certificate Description
Deployment Server Identifies and encrypts deployment server communications.
Deployment Server Extensions and Web Console Identifies and encrypts communications with the deployment server extensions and the console.
iOS SCEP Certificate Signs client certificates delivered via SCEP to Apple devices. These client certificates are used to provide authentication for the device to SOTI MobiControl.
iOS Profile Signing Signs profile configurations for iOS devices so the device will trust them.
SOTI MobiControl Client Certificate Root CA Signs the client certificates for other (non-Apple) platforms. These client certificates are used to provide authentication for the device to SOTI MobiControl.
SOTI MobiControl IdP Certificate Identifies SOTI MobiControl to an Identify Provider (IdP). The private key is used to sign requests that are sent to the IdP, and the public key is given to the IdP as part of the SAML configuration process so that the IdP can trust the requests from SOTI MobiControl.
SOTI MobiControl IdP Client Certificate Signs and validates Java web tokens that SOTI MobiControl uses for internal identity management.
SOTI MobiControl Search Certificate Authenticates the SOTI MobiControl search server to SOTI MobiControl.
Cloud Link Certificate Authenticates a SOTI Cloud Link to SOTI MobiControl.

Importing Certificates Using the SOTI MobiControlAdministration Utility

You can import certificates using the SOTI MobiControl Administration Utility.

  1. In the Administration Utility's Certificates page, click the Import button.
  2. Choose File System as the Source.
  3. Select root certificates or Deployment Server Extensions/Management Console certificates. The following file types are supported:

    For root certificates: *.p7b, *.cer

    For Deployment Server Extensions/Management console: *.pfx; *.p12

    File selector for Deployment Server Extensions/Management console certificates.

  4. Click Open.
Note: Alternately, you can import certificates using the Microsoft Management Console first, then the SOTI MobiControl Administration Utility. This includes the types of certificates that are supported by Microsoft. Perform the following steps:
  1. In the Microsoft Management Console, import the certificate into the local computer through the Personal location.
  2. In the SOTI MobiControl Administration Utility's Certificates page, click the Import button.
  3. Choose Local Computer Personal Storage as the Source.
  4. Select your desired certificate from the list and click Apply.