PRK Encryption Certificate
Creating a certificate
The administrator must create a self-signed certificate that meets the following
requirements:
Note: You may use any self-signed certificate
application, such as OpenSSL.
| Key Length | 2048/4096 bits (recommended) |
| Key Pair Algorithm | RSA |
| Certificate Signing | Sha-256 |
| Type | P12 |
| Password | Yes |
Adding a new certificate
Select ADD CERTIFICATE to upload a certificate. In the Add Certificate window, select a certificate file and enter the associated password. Select SAVE to add the certificate. Once the certificate upload is complete, the following information appears on the PRK Encryption Certificate page.
| Configuration Status | Shows whether the PRK configuration status is active. |
| Issuer Name | Shows the certificate issuer's name. |
| Uploaded Date | Shows the certificate upload date. |
| Expiry Date | Shows the certificate expiry date. |
Understanding certificate expiration
The following table explains what happens before and after a certificate expires.| Before expiration | A 30-day notification in the SOTI MobiControl web console precedes
certificate expiration.
|
| After expiration | Certificates expire according to server time (UTC). Once
expired, the following occurs:
|
Replacing a certificate
Select MODIFY to replace an existing certificate with a new certificate. In the
Modify Certificate window, select a new certificate file
and enter the associated password. Select SAVE to add the new
certificate. After the certificate upload is complete, the uploaded certificate
information appears on the PRK Encryption Certificate
page.
Note: Once you upload a new certificate, you must reassign the FileVault
configuration to the targeted device or device groups. Failure to do so may
result in PRK decryption issues. See Reassigning FileVault Configuration for more information.