PRK Encryption Certificate
Creating a certificate
The administrator must create a self-signed certificate that meets the following requirements:
Key Length | 2048/4096 bits (recommended) |
Key Pair Algorithm | RSA |
Certificate Signing | SHA-256 |
Type | P12 |
Password | Yes |
Note: You may use any self-signed certificate application, such as OpenSSL.
Once the OpenSSL tool is downloaded, generate a PKCS#12 certificate as follows:
- Create a private key named 'PrivateKey.pem' with key length '2048' using the following command:
  openssl genrsa -out PrivateKey.pem 2048
- Generate a certificate request named 'CertificateReq.pem' using the private key you generated:
  openssl req -x509 -new -key PrivateKey.pem -out CertificateReq.pem
- Export a PKCS#12 file with data from the certificate and private key PEM files you generated:
  openssl pkcs12 -export -in CertificateReq.pem -inkey PrivateKey.pem -out PKCSFile.p12
- Upload PKCSFile.p12 under Global Settings > PRK Encryption Certificate.
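A pre-upload check of PKCSFile.p12 against the requirements listed for this certificate, as an added example that is not part of the product documentation. The function name check_prk_p12, the P12_PASS environment variable, and the self-signed and 30-day expiry checks are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the product documentation): verify a PKCS#12 file
# against the requirements table before uploading it. Names are illustrative.
# The password is read from the P12_PASS environment variable so that it does
# not appear on the command line.

check_prk_p12() {
    p12=$1
    rc=0
    # "Password: Yes" - the file must not open with an empty password.
    if openssl pkcs12 -in "$p12" -passin pass: -nokeys >/dev/null 2>&1; then
        echo "FAIL: file is not password protected"; rc=1
    fi
    # Extract the certificate only (no private key); a wrong password fails here.
    cert=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null) || {
        echo "FAIL: cannot open $p12 with the supplied password"; return 1; }
    text=$(printf '%s\n' "$cert" | openssl x509 -noout -text)

    # "Key Pair Algorithm: RSA"
    printf '%s\n' "$text" | grep -q 'Public Key Algorithm: rsaEncryption' ||
        { echo "FAIL: key pair algorithm is not RSA"; rc=1; }
    # "Key Length: 2048/4096 bits"
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    case $bits in
        2048|4096) ;;
        *) echo "FAIL: key length is '${bits}', expected 2048 or 4096"; rc=1 ;;
    esac
    # "Certificate Signing: SHA-256"
    printf '%s\n' "$text" | grep -q 'Signature Algorithm: sha256WithRSAEncryption' ||
        { echo "FAIL: certificate is not signed with SHA-256"; rc=1; }
    # Self-signed: subject and issuer carry the same name.
    subj=$(printf '%s\n' "$cert" | openssl x509 -noout -subject | sed 's/^subject= *//')
    iss=$(printf '%s\n' "$cert" | openssl x509 -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" = "$iss" ] || { echo "FAIL: certificate is not self-signed"; rc=1; }
    # Extra check (assumption): reject certificates already inside the 30-day
    # expiry notification window.
    printf '%s\n' "$cert" | openssl x509 -noout -checkend $((30 * 86400)) >/dev/null ||
        { echo "FAIL: certificate expires within 30 days"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $p12 meets the listed requirements"
    return "$rc"
}

# Usage: P12_PASS='...' sh check_prk_p12.sh PKCSFile.p12
if [ "$#" -ge 1 ]; then check_prk_p12 "$1"; fi
```

Export P12_PASS in the calling shell only for the duration of the check and unset it afterwards.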
Adding a new certificate
Select ADD CERTIFICATE to upload a certificate. In the Add Certificate window, select a certificate file and enter the associated password. Select SAVE to add the certificate. Once the certificate upload is complete, the following information appears on the PRK Encryption Certificate page.
Configuration Status | Shows whether the PRK configuration status is active. |
Issuer Name | Shows the certificate issuer's name. |
Uploaded Date | Shows the certificate upload date. |
Expiry Date | Shows the certificate expiry date. |
Understanding certificate expiration
The following table explains what happens before and after a certificate expires.
Before expiration | A 30-day notification in the SOTI MobiControl web console precedes certificate expiration. |
After expiration | Certificates expire according to server time (UTC). Once expired, the following occurs: |
Replacing a certificate
Select MODIFY to replace an existing certificate with a new certificate. In the Modify Certificate window, select a new certificate file and enter the associated password. Select SAVE to add the new certificate. After the certificate upload is complete, the uploaded certificate information appears on the PRK Encryption Certificate page.
Note: Once you upload a new certificate, you must reassign the FileVault configuration to the targeted device or device groups. Failure to do so may result in PRK decryption issues. See Reassigning FileVault Configuration for more information.