Certificates

The Certificates section of the SOTI MobiControl Administration Utility displays the certificates and certificate bindings necessary for device management.

You can update, import, and export certificates from this section.

Note: Certificates generated in the SOTI MobiControl Administration Utility are pushed down to devices according to the device's update schedule.

Root Certificate Management

This section displays the root certificates currently installed on SOTI MobiControl.

Details Shows information on the currently selected certificate
Generate Generates a new SOTI MobiControl root certificate.
Note: Do not renew the certificate more than necessary as needless renewals can cause device connection issues.
Export Exports the currently selected certificate.
Import Allows you to import a certificate.
Delete Deletes the currently selected certificate.
Note:

Security scans that show SOTI MobiControl root certificates lacking CRL and OCSP fields should not be considered a security risk because the DS server has alternative methods of revoking client certificates.

SOTI MobiControl root certificates do not include Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) fields. The root certificate is used for securing communications between the DS server and clients. Client certificates can be revoked by the DS by checking enrollment status and device ID. The Public Key Infrastructure (PKI) mechanism for revoking these client certificates is done on the DS side using other methods. Additionally, if your organization is using its own root certificate, then the DS server and SOTI MobiControl have methods of using CRL and OCSP.

Certificate Bindings

This section displays information on certificates used by the following components:

  • Deployment Server
  • Deployment Server Extensions and console (used to change certificate for HTTPS binding in browsers)
  • iOS SCEP certificate
  • iOS Profile Signing
  • SOTI MobiControl Client Certificate Root CA
  • SOTI Cloud Link
  • Signal Service (the server certificate that is linked with the existing Signal Client certificate)

Click Change to update a certificate.