Hi Rumen,

DSE and Web Console certificate (and further iOS Profile Signing certificate) is used for enrollment and management of iOS devices as well. So depending on if the new certificate signing authority is trusted by iOS devices or not, we may have to come up with a plan before these changes are made.

For complete details on this process you can create a case with SOTI Support here. 

Please let me know if you have any questions.

Thanks

Hi Rumen,

As I can see that you are using internally signed (MobiControl CA) certificate for the DSE and web console, it is expected to see those warnings if you try to access your web console from another machine which does not have MobiControl Root CA trusted.

You can either purchase a trusted third party certificate and use it as your Web console certificate (please contact SOTI Support as there are some pre-requisites we will have to go through) or if you use MobiCOntrol web console from only one machine, just install the MobiControl Root CA from your MobiControl server on that machine and it will trust the connection in that case.

In any way, there are a few ways to get around the legacy plugin remote control issue. First one will be to uninstall SOTI Remote Control Service from your machine (where you are trying to remote control the device from) and reinstall it for all users. If this does not work, try going to: https://127.0.0.1:38103/ manually in your browser and accept the security warning. After this, you should be able to use the legacy plugin to remote into the devices.

Please let me know if you have any questions.

Thanks

Understood. Does this certificate affect any other functionality except MobiControl web console? How do we obtain the procedure/requirements from support in order to get our own SSL certificate and import it? What is the recommended approach?

Is there a way to have the SOTI generated certificates to have 2048 bit RSA key and also to set Subject Alternative Name? Currently the generated certificates are 1024 bit and do not have SAN which causes problems with Chrome and Firefox even if I import the MobiControl CA certificate.

Thank you.

Currently, MobiControl v14 and above has functionality to generate SHA256 signed certs but the key length is limited to 1024 bits. We are already working to include the functionality to generate certificates with higher key lengths in MobiControl administration Utility and will likely be included in upcoming versions of MobiControl.

Also, the DSE certificate generated in MobiControl v14 has a SAN but I found for any older version, the DSE cert was missing the SAN. So in this case, using a  trusted third party cert will be only the option to address both of these issues. 

Please let me know if you have any questions. 

Thank you. I have already submitted a request to SOTI support, as you suggested, to inquire about specific requirements for obtaining SSL from third party CA.