Connection Security


To ensure the integrity of the corporate firewall and to provide an additional layer of security for data flowing between the mobile device and the MobiControl Manager(s) and Deployment Server(s) over public networks, SSL Communication Mode is available to provide encrypted communication. When SSL is not enabled, MobiControl encrypts all communications using proprietary algorithms. SSL provides the additional benefit of standards-based authentication and encryption security.

To enable SSL communication for a device or group of devices, select Connection Security Policy from the MobiControl Security Center. (Please see the Device Security and Control page.)

This dialog box allows you to enable SSL communication for specific devices. For example, a group of devices in your warehouse may not need to use SSL, whereas you do want another group of devices that are in the field and communicating over public networks to use SSL.

Configure SSL device settings dialog box

For assistance with Override Settings Click Here.

The dialog box above allows you to specify the means by which you wish to have the MobiControl system deliver the Device Agent's certificate and private key to the device.

Note:

When SSL is enabled, MobiControl acts as its own certificate authority. It generates certificates for the MobiControl entities (Manager, Deployment Server, and Device Agents).

The table below summarizes the three available options for delivering and installing the device's MobiControl certificate:

Option Description
Automatic delivery and silent installation of certificates

When this option is selected, the Deployment Server will automatically deliver the certificate and private key for the device when the device connects. No user interaction is required.

Automatic delivery and prompt for password before installation on device

This option provides additional assurance that only authorized devices receive an SSL certificate and private key. When this option is selected, the Deployment Server will prompt the device user to enter the password specified in this dialog box before it delivers the certificate and private key.

The device will be able to connect and stay online even if a password is not entered; however, in this state the device will not receive any packages or execute file synchronization. The administrative user can remote control the device to assist the device user with entering the password to retrieve the device certificate.

The user will be given several chances to enter the correct password. If the user enters an incorrect password five times and the Keep Device Connected check box is not selected, the device will be disconnected and disabled. To re-enable the device, right-click on it in the device tree and select Enable. If the Keep Device Connected check box is selected, the device will remain online and, as described above, will not be eligible for package delivery or file synchronization but can be remote controlled.

Manual Installation (No automatic delivery or installation)

When this option is selected, certificates and private keys will not be automatically delivered to the devices. The certificate and private key must be exported (*.pfx file) and delivered to the device by some means. This could be via email, file transfer, etc.

Note:

Importing certificates is only supported on Windows Mobile 5 devices and Windows desktop clients (Windows 2000/XP).

In all the cases above, the Device Agent stores the certificate and private key into the Windows operating system's personal certificate store. The MobiControl Root CA certificate, on the other hand, is stored in the operating system's trusted root certificate store.
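
The password-prompt option described above, modeled as a small server-side state machine. This is an added example, not MobiControl code; the `DeviceSession` class, the state names, the sample password, and the choice to stop accepting entries after the fifth failure are assumptions.

```python
import hmac
from dataclasses import dataclass

MAX_ATTEMPTS = 5  # from the page: five incorrect entries trigger the lockout decision


@dataclass
class DeviceSession:
    """Hypothetical server-side view of one device under the password-prompt option."""
    keep_connected: bool      # the "Keep Device Connected" check box
    failed: int = 0
    state: str = "pending"    # pending -> certified | locked_online | disabled

    def submit(self, entered: str, expected: str) -> str:
        """Process one password entry and return the resulting state."""
        if self.state != "pending":
            # Assumption: after success or lockout no further entries are accepted.
            return self.state
        # Constant-time comparison so response timing does not leak a partial match.
        if hmac.compare_digest(entered.encode(), expected.encode()):
            self.state = "certified"
        else:
            self.failed += 1
            if self.failed >= MAX_ATTEMPTS:
                self.state = "locked_online" if self.keep_connected else "disabled"
        return self.state

    def capabilities(self) -> dict:
        """What the device may do in its current state, following the page's description."""
        online = self.state != "disabled"
        certified = self.state == "certified"
        return {
            "online": online,
            "remote_control": online,   # an administrator can still assist the user
            "packages": certified,      # withheld until the certificate is delivered
            "file_sync": certified,
        }


def run(entries, expected, keep_connected):
    """Feed a constructed sequence of password entries through one session."""
    session = DeviceSession(keep_connected)
    for entry in entries:
        session.submit(entry, expected)
    return session.state, session.capabilities()


if __name__ == "__main__":
    # Constructed sample input: two wrong entries, then the correct password.
    print(run(["guess1", "guess2", "S3cret!"], "S3cret!", keep_connected=False))
```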

Manual Installation

Export Device Certificate dialog box

When this option is selected, the certificate and private key must be exported (*.pfx file) and delivered to the device via email, file transfer, storage card, etc.

Once the *.pfx file has been delivered to the target device, the user must use the MobiControl applet running on the device to import it. For further information on importing the certificate, refer to the SSL Cert tab in the mobile device configuration applet. (Please see the Mobile Device Configuration Applet page.)