Certificates
The Certificates section of the SOTI MobiControl Administration Utility displays the certificates and certificate bindings necessary for device management.
You can update, import, and export certificates from this section.
Root Certificate Management
This section displays the root certificates currently installed on SOTI MobiControl.
| Details | Shows information on the currently selected certificate |
| Generate | Generates a new SOTI MobiControl root certificate.
Note: Do not renew the certificate more than necessary as needless renewals can cause device connection issues.
|
| Export | Exports the currently selected certificate. |
| Import | Allows you to import a certificate. |
| Delete | Deletes the currently selected certificate. |
Security scans that show SOTI MobiControl root certificates lacking CRL and OCSP fields should not be considered a security risk because the DS server has alternative methods of revoking client certificates.
SOTI MobiControl root certificates do not include Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) fields. The root certificate is used for securing communications between the DS server and clients. Client certificates can be revoked by the DS by checking enrollment status and device ID. The Public Key Infrastructure (PKI) mechanism for revoking these client certificates is done on the DS side using other methods. Additionally, if your organization is using its own root certificate, then the DS server and SOTI MobiControl have methods of using CRL and OCSP.
Certificate Bindings
This section displays information on certificates used by the following components:
- Deployment Server
- Deployment Server Extensions and console (used to change certificate for HTTPS binding in browsers)
- iOS SCEP certificate
- iOS Profile Signing
- SOTI MobiControl Client Certificate Root CA
- SOTI Cloud Link
- Signal Service (the server certificate that is linked with the existing Signal Client certificate)
Click Change to update a certificate.