Encrypting Personal Recovery Key

Before you begin

You must have the Manage PRK Encryption Certificate permission to manage the PRK Encryption Certificate option under the Global Settings view. See General Permissions for more information.


  1. Turn on Store Personal Recovery Key in MobiControl to enable storage of the personal recovery key in the SOTI MobiControl Server.
  2. Click MANAGE CERTIFICATE. The PRK Encryption Certificate page appears. Provide a certificate, for encrypting the personal recovery key for storage in the SOTI MobiControl Server.
  3. Upload a .p12 file protected with a password. A .p12 file is a certificate which contains the Private and Public keys. SOTI MobiControl generates a Public certificate based on the Private certificate and password provided. The certificate information appears on the PRK Encryption Certificate page.
    Note: SOTI MobiControl uses:
    • The Public certificate across all FileVault payloads for personal recovery key encryption on devices.
    • The Private certificate for decrypting the encrypted PRK when requested from the SOTI MobiControl Web Console‚Äôs Device Information panel.
  4. Go to FileVault configuration and click SAVE AND ASSIGN to send the FileVault profile changes to your devices. Once the FileVault is enabled, the encrypted personal recovery key is stored in the SOTI MobiControl Server.


You have successfully stored the encrypted personal recovery key in the SOTI MobiControl Server! The personal recovery key details are in the SECURITY section in the DEVICE DETAILS tab of the Device Information panel in the SOTI MobiControl Web Console. See Personal Recovery Key Encryption Information for more information.