Certificate Authorities
Use the Certificate Authorities dialog box to configure certificate authorities and create certificate templates. SOTI MobiControl uses certificate templates to create certificates that are dynamic for each user and device.
You can configure the following certificate authority types:
ADCS
ADCS supports PKI and SCEP configuration types.
PKI
Name | Enter a name for your certificate authority. |
Protocol | Choose which protocol SOTI MobiControl uses to communicate with the certificate authority. Options are:
|
Enrollment URL | Enter the URL you received after installing the Certificate Enrollment Web Service. |
Policy URL | Enter the URL you received after installing the Certificate Enrollment Policy Web Service. |
Trusted Root Certificate | If the certificate authority has a self-signed certificate, upload the root certificate here. |
Enrollment Certificate | Upload the enrollment agent certificate. The enrollment agent certificate is used to sign certificate requests to the ADCS server and is explicitly trusted to request certificates on behalf of other users, for example, the device owner in SOTI MobiControl. |
Authentication Type | The authentication type to communicate with the certificate authority. Options are:
|
Authentication Credential Certificate | Upload an Authentication Credential Certificate. Note: Available only when Certificates is the selected Authentication Type. |
Username | The username of the account to communicate with the certificate authority. Note: Available only when Username/Password is the selected Authentication Type. |
Password | The password of the account to communicate with the certificate authority. Note: Available only when Username/Password is the selected Authentication Type. |
Cloud Link Agent | Enter the client certificate that you use to authenticate to the Cloud Link Agent. Note: This option is applicable only to SOTI MobiControl Cloud customers. |
SCEP
Note: SCEP can be used only on iOS devices.
Name | Enter a name for your certificate authority. |
Use SCEP Client | When enabled, your certificate authority uses a SCEP client. |
Use Static Challenge | When enabled, a static challenge is used when devices request new certificates. When disabled, a dynamic challenge is used: a new challenge is issued every time a device requests a certificate. |
Service URL | Enter the URL received after installing the Certification Authority Web Enrollment role service. |
Challenge URL | Enter the URL received after installing the Network Device Enrollment role service. |
Static Challenge | Enter the Static Challenge key here. Note: Applicable only if Use Static Challenge is enabled. |
Thumbprint | Enter the thumbprint for your certificate. |
Username | The username of the account to communicate with the certificate authority. |
Password | The password of the account to communicate with the certificate authority. |
Retries | The number of times a device attempts to obtain a certificate. |
Retry Delay | The timeout delay between each retry (in seconds). |
Cloud Link Agent | Enter the client certificate that you use to authenticate to the Cloud Link Agent. Note: This option is applicable only to SOTI MobiControl Cloud customers. |
Entrust
Name | Enter a name for your certificate authority. |
Configuration Type | Displays the configuration type: PKI. |
Service URL | The URL provided by Entrust for certification services. |
Username | The user name used to authenticate. |
Password | The password used to authenticate. |
Generic SCEP
Name | Enter a name for your certificate authority. |
Service URL | The URL of the certificate authority services. |
Use Static Challenge | When enabled, a static challenge is used when devices request new certificates. When disabled, a dynamic challenge is used: a new challenge is issued every time a device requests a certificate. |
Use SCEP Client | When enabled, your certificate authority uses a SCEP client. |
Static Challenge | Enter the Static Challenge key here. A static challenge must be used if certificates are going to be issued to more than one device. Note: Applicable only if Use Static Challenge is enabled. |
Thumbprint | Enter the thumbprint for your certificate. |
Retries | The number of attempts a device can make to get a certificate from the SCEP server. |
Retry Delay | The timeout delay between each retry (in seconds). |
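The Thumbprint fields in the ADCS SCEP and Generic SCEP settings take a value that is usually copied by hand from a certificate viewer. The following added example (not part of the SOTI documentation) recomputes the thumbprint from the certificate file and compares it with the pasted value, tolerating colons, spaces and invisible format characters. It assumes the thumbprint is a SHA-1 or SHA-256 digest of the DER-encoded certificate, which this page does not specify; all function names are illustrative.

```python
import base64
import hashlib
import re
import unicodedata

# Constructed stand-in for a PEM file: the body decodes to the bytes b"abc",
# not a real certificate. The thumbprint is a digest of the decoded bytes,
# so the same functions work unchanged on a real CA certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nYWJj\n-----END CERTIFICATE-----\n"

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)
# Assumption: digest implied by the number of hex characters entered.
ALGORITHM_BY_LENGTH = {40: "sha1", 64: "sha256"}


def pem_to_der(pem_text):
    """Return the DER bytes of the first certificate block in PEM text."""
    block = PEM_BLOCK.search(pem_text)
    if block is None:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(block.group(1).split()), validate=True)


def thumbprint(der, algorithm="sha1"):
    """Digest of the DER encoding as upper-case hex without separators."""
    return hashlib.new(algorithm, der).hexdigest().upper()


def normalize(entered):
    """Strip separators and invisible format characters, then require hex."""
    kept = "".join(
        ch for ch in entered
        if not (ch.isspace() or ch in ":-" or unicodedata.category(ch) == "Cf"))
    if not re.fullmatch(r"[0-9A-Fa-f]+", kept):
        raise ValueError("thumbprint contains non-hex characters")
    return kept.upper()


def matches(entered, der):
    """True if the entered thumbprint equals the certificate's digest."""
    value = normalize(entered)
    algorithm = ALGORITHM_BY_LENGTH.get(len(value))
    if algorithm is None:
        raise ValueError("unexpected thumbprint length: %d" % len(value))
    return value == thumbprint(der, algorithm)
```

A mismatch here means the value about to be entered does not identify the certificate file at hand, which is worth resolving before devices start enrolling against it.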
Symantec
Name | Enter a name for your certificate authority. |
Configuration Type | Displays the configuration type: PKI. |
Service URL | The URL of the Symantec certificate authority services. |
Registration Authority Certificate | The registration authority (RA) certificate. To generate a new RA certificate, click Generate RA Certificate to open the Generate Symantec Certificate dialog box. |