Renewing the SOTI MobiControl Root Certificate

About this task

The SOTI MobiControl Root certificate is automatically generated during the installation of SOTI MobiControl and lasts about 22 to 25 years. You must renew it before it expires to maintain an uninterrupted connection between your devices and SOTI MobiControl. Do not renew the certificate more than necessary because needless renewals can cause device connection issues.

Note: Security scans showing SOTI MobiControl root certificates lacking Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) fields are not security risks. This is because the Deployment Server (DS) has alternative methods of revoking client certificates.

SOTI MobiControl root certificates do not include CRL and OCSP fields. The root certificate secures communications between the DS server and clients. The DS can revoke client certificates by checking the enrollment status and device ID. The Public Key Infrastructure (PKI) revokes client certificates on the DS side using alternative methods. Additionally, if your organization is using its own root certificate, then the DS server and SOTI MobiControl have methods of using CRL and OCSP.

To generate a new SOTI MobiControl Root Certificate:


  1. Open the SOTI MobiControl Administration Utility and choose Certificates from the menu on the left side of the window.
  2. Under the Root Certificate Management section, select the SOTI MobiControl Root entry and select Generate to save the certificate to your computer.
  3. A prompt may warn against generating a new certificate if the current one is still valid. Select Yes to continue.
  4. Select OK once the new certificate has finished generating. SOTI MobiControl begins to restart its services.