Securing Communication using 3rd Party Certificates
Securing corporate data is a top priority in every organization, and encryption using third-party certificates is the most secure option. With these certificates, corporate data can be decrypted only by a party that has the certificate available. Mobile Device Manager Plus allows organizations to secure communication with managed devices using SSL and PFX certificates.
This certificate is valid for a specified term. If the certificate expires, the communication between the ME MDM app and the MDM server will no longer be secure. You will not be able to manage any mobile devices until you renew the certificates and upload them to the MDM server.
Follow the steps mentioned below to create and upload third party certificates:
- Create CSR and Key Files
- Submit the CSR to a Certificate Authority (CA) to Obtain a CA Signed Certificate
- Upload the third party Certificates to Mobile Device Manager Plus
Create CSR and Key Files
To create CSR and Key files, follow the steps mentioned below:
- In <Installation_Directory>\ManageEngine\MDMServer\apache\bin, create a file titled opensslsan.conf and enter required details as shown below:
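[req]
default_bits = 2048
# Use the subject values below as given instead of prompting for them
prompt = no
distinguished_name = req_distinguished_name
req_extensions = req_ext
[ req_distinguished_name ]
# countryName must be the two-letter ISO 3166 country code
countryName = US
stateOrProvinceName = IL
localityName = Chicago
organizationName = Zylker
commonName = www.zylker.com
[ req_ext ]
subjectAltName = @alt_names
[ alt_names ]
# List every DNS name the certificate must cover
DNS.1 = *.domain.com
DNS.2 = zylker-it.com
DNS.3 = zylkerteam.com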
- Open Command Prompt and navigate to the <Installation_Directory>\ManageEngine\MDMServer\apache\bin directory.
- Execute the command: openssl.exe req -out server.csr -newkey rsa:2048 -nodes -keyout private.key -config opensslsan.conf
- On successful execution, this command creates two files titled server.csr and private.key.
- You can verify the details by executing the command: openssl.exe req -noout -text -in server.csr
NOTE: Do not delete the file private.key that is generated.
Submit the CSR to a Certificate Authority (CA) to obtain a CA Signed Certificate
- Submit the created server.csr to a CA. Check the CA's documentation / website for details on submitting CSRs and the cost to be paid to the CA.
- This process usually takes a few days, after which you'll be provided a signed SSL certificate and the CA's chain/intermediate certificate as .cer files.
- Save these files and rename your signed SSL certificate file to server.crt
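A pre-upload check for the files produced above, added here as an example and not part of ManageEngine's documentation or tooling: it confirms that server.crt was issued for private.key, lists the DNS names the CA included, and warns when the certificate is close to expiry. It assumes the script runs from the apache\bin directory that holds openssl.exe, that server.crt is PEM-encoded, and a 30-day warning threshold; the variable and function names are illustrative.

```powershell
# Added example: pre-upload checks for private.key and server.crt.
# Assumption: run from <Installation_Directory>\ManageEngine\MDMServer\apache\bin.
$openssl  = '.\openssl.exe'
$key      = 'private.key'   # created together with server.csr
$cert     = 'server.crt'    # signed certificate from the CA (assumed PEM-encoded)
$warnDays = 30              # assumed renewal threshold, adjust to your policy

function Get-PublicKeyPem([string[]]$OpenSslArgs) {
    # Run openssl.exe and return the public key it prints as one PEM string.
    $pem = & $openssl @OpenSslArgs
    if ($LASTEXITCODE -ne 0 -or -not $pem) {
        throw "openssl.exe $OpenSslArgs failed"
    }
    return ($pem -join "`n")
}

# 1. The certificate must carry the public key that belongs to private.key;
#    otherwise the CA signed a different CSR or the files were mixed up.
$fromKey  = Get-PublicKeyPem @('pkey', '-pubout', '-in', $key)
$fromCert = Get-PublicKeyPem @('x509', '-noout', '-pubkey', '-in', $cert)
if ($fromKey -cne $fromCert) {   # -cne: base64 text is case-sensitive
    throw "$cert does not match $key. Do not upload this pair."
}
Write-Output "OK: $cert matches $key"

# 2. Show the validity end date and the DNS names the CA actually included.
& $openssl x509 -noout -enddate -in $cert
& $openssl x509 -noout -text -in $cert | Select-String 'DNS:'

# 3. -checkend exits with 1 when the certificate expires within the given
#    number of seconds, which is when device management would stop working.
& $openssl x509 -noout -checkend ($warnDays * 86400) -in $cert | Out-Null
if ($LASTEXITCODE -ne 0) {
    Write-Warning "$cert expires within $warnDays days. Renew and re-upload it."
} else {
    Write-Output "OK: $cert is valid for more than $warnDays days"
}
```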
Upload the third party Certificates to Mobile Device Manager Plus
- On the MDM server, click the Admin tab.
- Under Security Settings, click Import SSL Certificates.
- Browse to upload the certificate that you have received from the CA. The certificate will be available in .crt format for SSL and in .pfx format for PFX certificates.
- If you upload a .crt file, you will be prompted to upload the server.key file. After uploading the server.key, you will be prompted to upload the intermediate certificate. If you choose Automatic, the intermediate certificate will be detected automatically. However, when the intermediate certificate is detected automatically, only one certificate will be detected. If you want to use your own intermediate certificate, or upload more than one intermediate certificate, select Manual and upload the certificates manually.
- If you choose to upload a .pfx file, you will be prompted to enter the password provided by the vendor.
- Click Save to import the certificate.
You have successfully imported the third party certificates to the Mobile Device Manager Plus server. These certificates will be used only when "HTTPS" mode is enabled for communication. Click the Admin tab and choose Server Settings to enable HTTPS mode under General Settings.
Copyright © 2020, ZOHO Corp. All Rights Reserved.