Certificate Templates / Template Details
Certificate templates allow SOTI MobiControl to create dynamic certificates based on user enrollment or device authentication. For details, see Adding Certificates.
Note: Fields may differ depending on the type of certificate for your template.
| SOTI MobiControl Template Name | Enter a name for your certificate template. | ||||||||||||
| CA Template Name | Enter the name of the certificate authority template. | ||||||||||||
| Profile OID | Enter the certificate profile OID associated with the certificate authority template. | ||||||||||||
| Subject Name | The subject name used to create certificates. Select the gear icon to use macros to build the subject name. Supported macros include Enrolled User Principal Name, User Domain, User Username, User email or a Device Name, MAC Address, Serial Number or Platform. Note: Each certificate type has specific requirements for the
Subject Name field as follows:
|
||||||||||||
| Subject Alternative Names | Select the + icon to expand the Subject Alternative Names section, where you can add subject alternative names for the certificate template - see Subject Alternative Names. | ||||||||||||
| Certificate Target | Choose whether to issue the certificate to a device or a user. Choose Device to decide whether to provision the certificate to authenticated users only and to preserve the private key. If you choose User, both of those options are mandatory. Choosing User offers the best security. | ||||||||||||
| Provision Certificate to Authenticated Users Only | Turn on to restrict access to the certificate to authenticated users only. | ||||||||||||
| Publish certificate to LDAP | Turn on to publish the certificate to the user's record in LDAP. | ||||||||||||
| Preserve Private Key | Turn on to preserve the private key. | ||||||||||||
| Key Size | Choose the size of the key:
|
||||||||||||
| Remove Old Certificates Upon Successful Renewal | Turn on to delete expired certificates from the device after their replacement certificate is successfully installed. | ||||||||||||
| Use Automatic Renewal | Turn on to automatically renew certificates, with no intervention from the device user. | ||||||||||||
| Days Before Automatic Renewal | Specify the interval before a certificate renews. Note: You must turn on the Use
Automatic Renewal to use this setting.
|
||||||||||||
| Key Protection | Decide the protection level of your key. Options are:
|
Note: When testing the functionality of certificate templates, use the default template for
simplicity. If you must use a custom template, do the following:
- In Template properties, under Issuance Requirements, set Authorize Signatures to 1.
- For Policy type required in signature, select Application Policy.
- For Application Policy, select Certificate Request Agent.