Renewing the SOTI MobiControl Root Certificate

About this task

The SOTI MobiControl Root certificate is automatically generated during the installation of SOTI MobiControl and lasts one year. You must renew it every year to maintain an uninterrupted connection between your devices and SOTI MobiControl. Do not renew the certificate more than necessary as needless renewals can cause device connection issues.

Note:

Security scans that show SOTI MobiControl root certificates lacking CRL and OCSP fields should not be considered a security risk because the DS server has alternative methods of revoking client certificates.

SOTI MobiControl root certificates do not include Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) fields. The root certificate is used for securing communications between the DS server and clients. Client certificates can be revoked by the DS by checking enrollment status and device ID. The Public Key Infrastructure (PKI) mechanism for revoking these client certificates is done on the DS side using other methods. Additionally, if your organization is using its own root certificate, then the DS server and SOTI MobiControl have methods of using CRL and OCSP.

To generate a new SOTI MobiControl Root Certificate:

Procedure

  1. Open the SOTI MobiControl Administration Utility and choose Certificates from the menu on the left side of the window.
  2. Under the Root Certificate Management section, select the SOTI MobiControl Root entry and click Generate to save the certificate to your computer.
  3. A prompt may appear that warns you against generating a new certificate if the current one is still valid. Click Yes to continue.
  4. Click OK once the new certificate has finished generating. SOTI MobiControl will restart its services.