Certificate Templates / Template Details

Certificate templates enable SOTI MobiControl to create dynamic certificates based on user enrollment or device authentication. For details, see Adding Certificates.

Note: Fields may differ depending on the type of certificate for your template.
SOTI MobiControl Template Name Enter a name for your certificate template.
CA Template Name Enter the name of the certificate authority template.
Profile OID Enter the certificate profile OID associated with the certificate authority template.
Subject Name The subject name used to create certificates.

Select the icon build the subject name using macros. Supported macros include Enrolled User Principal Name, User Domain, User Username, User email or a Device Name, MAC Address, Serial Number or Platform.

Note: Each certificate type has specific requirements for the Subject Name field as follows:
Certificate Type Required Content
ADCS CN=%DEVICENAME%
EJBCA CN=%DEVICENAME%
Entrust igusername = user, iggroup = group, devicetype = device
General SCEP CN=%DEVICENAME%
Symantic seat_id=
Subject Alternative Names Select the + icon to expand the Subject Alternative Names section. You can add subject alternative names for the certificate template. See Subject Alternative Names for more information.
Certificate Target Choose whether to issue the certificate to a device or a user. Choose Device to decide whether to provision the certificate to authenticated users only and to preserve the private key. If you choose User, both of those options are mandatory.
Tip: Choosing User offers the best security.
Provision Certificate to Authenticated Users Only Turn on to restrict access to the certificate to authenticated users only.
Publish certificate to LDAP Turn on to publish the certificate to the user's record in LDAP.
Preserve Private Key Turn on to preserve the private key.
Key Size Choose the size of the key:
  • 1024
  • 2048
  • 4096
  • 8192
Remove Old Certificates Upon Successful Renewal Turn on to delete expired certificates from the device after their replacement certificate is successfully installed.
Use Automatic Renewal Turn on to automatically renew certificates, with no intervention from the device user.
Days Before Automatic Renewal Specify the interval before a certificate renews.
Note: You must turn on the Use Automatic Renewal to use this setting.
Key Protection Decide the protection level of your key. Options are:
  • Protected
  • Protected if Supported
  • Not Protected
Note: When testing the functionality of certificate templates, use the default template for simplicity. If you must use a custom template, do the following:
  1. In Template properties, under Issuance Requirements, set Authorize Signatures to 1.
  2. For Policy type required in signature, select Application Policy.
  3. For Application Policy, select Certificate Request Agent.