Managing Certificates
You can add, edit, or remove certificates and certificate bindings for SOTI MobiControl from the Certificates section of the SOTI MobiControl Administration Utility.
The table below summarizes the primary certificates available in the SOTI MobiControl Administration Utility.
Certificate | Description |
---|---|
Deployment Server | Identifies and encrypts deployment server communications. |
Deployment Server Extensions and Web Console | Identifies and encrypts communications with the deployment server extensions and the console. |
iOS SCEP Certificate | Signs client certificates delivered via Simple Certificate Enrollment Protocol (SCEP) to Apple devices. These client certificates authenticate the device to SOTI MobiControl. |
iOS Profile Signing | Signs configuration profiles for iOS devices so that the devices trust them. |
SOTI MobiControl Client Certificate Root CA | Signs the client certificates for other (non-Apple) platforms. These client certificates can authenticate the device to SOTI MobiControl. |
SOTI MobiControl IdP Certificate | Identifies SOTI MobiControl to an Identity Provider (IdP). The private key signs requests sent to the IdP. The IdP receives the public key as part of the Security Assertion Markup Language (SAML) configuration process to establish trust with SOTI MobiControl requests. |
SOTI MobiControl IdP Client Certificate | Signs and validates Java web tokens that SOTI MobiControl uses for internal identity management. |
SOTI MobiControl Search Certificate | Authenticates the SOTI MobiControl search server to SOTI MobiControl. |
Cloud Link Certificate | Authenticates a SOTI Cloud Link to SOTI MobiControl. |
Importing Certificates Using the SOTI MobiControl Administration Utility
You can import certificates using the SOTI MobiControl Administration Utility.
- In the Administration Utility's Certificates page, select the Import button.
- Choose File System as the Source.
- Select root certificates or Deployment Server Extensions/Management Console certificates.
  SOTI MobiControl supports the following file types:
  - *.p7b and *.cer for root certificates
  - *.pfx and *.p12 for Deployment Server Extensions/Management Console certificates
- Select Open.
- In the Microsoft Management Console, import the certificate into the local computer through the Personal folder.
- In the SOTI MobiControl Administration Utility's Certificates page, select the Import button.
- Choose Local Computer Personal Storage as the Source.
- Select your desired certificate from the list and select Apply.
Best practices for third-party certificates
To get a third-party certificate, you need to generate a Certificate Signing Request (CSR). See SSL Certificates Help.
This applies only if the customer is using a third-party certificate for the SOTI MobiControl deployment server.
- Renew your certificate well before it expires.
- After you renew the certificate, import the new certificate to SOTI MobiControl Admin Utility.
- After you import the certificate, manually change the device from offline to online. Check in the device manually.
- After you check in all the devices, update the certificate on the deployment server service.
- For Deployment Server Extensions (DSE) and web console certificates, apply the same practices for certificate renewal.
If a customer wants to use a wildcard certificate, verify that the domain of the certificate matches the fully qualified domain name of the SOTI MobiControl server. Example: if the wildcard certificate is *.mycompany.com, then the fully qualified domain name must be in the format mdm.mycompany.com.
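The following PowerShell sketch is an added example, not part of SOTI MobiControl or its documentation. It lists the certificates in the Local Computer Personal store and reports, for each one, whether its names cover the server's fully qualified domain name, whether the private key is present, and how many days remain before expiry. The values of `$ServerFqdn` and `$WarnDays` and the helper name `Test-CertNameMatch` are assumptions chosen for illustration.

```powershell
# Added example, not SOTI code. $ServerFqdn and $WarnDays are assumed values.
$ServerFqdn = 'mdm.mycompany.com'   # FQDN from the page's wildcard example
$WarnDays   = 60                    # assumed renewal lead time, in days

function Test-CertNameMatch {
    # True when $Pattern (an exact name or "*.domain") covers $Fqdn.
    param([string]$Pattern, [string]$Fqdn)
    $p = $Pattern.ToLowerInvariant().TrimEnd('.')
    $h = $Fqdn.ToLowerInvariant().TrimEnd('.')
    if ($p -eq $h) { return $true }
    if (-not $p.StartsWith('*.')) { return $false }
    # A wildcard stands for exactly one left-most label:
    # *.mycompany.com covers mdm.mycompany.com,
    # but not mycompany.com or a.b.mycompany.com.
    $dot = $h.IndexOf('.')
    if ($dot -lt 1) { return $false }
    return ($h.Substring($dot) -eq $p.Substring(1))
}

# "Local Computer Personal Storage" corresponds to Cert:\LocalMachine\My.
$now = Get-Date
Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_
    # DnsNameList is added by the PowerShell certificate provider
    # (DNS names taken from the subject and the SAN extension).
    $names = @($cert.DnsNameList | Where-Object { $_ } |
               ForEach-Object { $_.Unicode })
    $covers = $false
    foreach ($n in $names) {
        if (Test-CertNameMatch -Pattern $n -Fqdn $ServerFqdn) { $covers = $true }
    }
    $daysLeft = [math]::Floor(($cert.NotAfter - $now).TotalDays)
    [pscustomobject]@{
        Subject       = $cert.Subject
        Thumbprint    = $cert.Thumbprint
        DnsNames      = $names -join ', '
        CoversFqdn    = $covers
        HasPrivateKey = $cert.HasPrivateKey   # a server certificate needs its private key
        NotAfter      = $cert.NotAfter
        DaysLeft      = $daysLeft
        RenewNow      = ($daysLeft -lt $WarnDays)
    }
} | Format-Table -AutoSize -Wrap
```

Run it in an elevated PowerShell session on the server after importing the certificate through the Microsoft Management Console and before selecting it in the Administration Utility.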