Can enrolled devices upgraded to the forthcoming iOS 12 stay under full control in an old (v10-v13) implementation using a 1024-bit MobiControl Root Certificate?

Raymond Chan Diamond Contributor
UDS Data Systems Limited

The forthcoming iOS 12 requires all MDM/EMM solutions to use an SSL certificate with a minimum key length of 2048 bits and at least SHA2 hashing. Are there similar new requirement(s) for the root certificate in the MDM server?

In particular, can all iOS 10/11 enrolled devices stay under full control by a v10-13 MobiControl server using a 1024-bit self-signed root certificate, when such devices are upgraded to iOS 12?

7 years ago
iOS
ANSWERS
Adil Katchi
7 years ago

Please see my KB article that explains how to ensure that your devices will continue to be managed by MobiControl after upgrading to iOS 12.

Raymond Chan
7 years ago

Hi Adil,

I did read your article on the SSL certificate for iOS 12 before I posted my question. However, I'm more concerned about the MobiControl root certificate, not the SSL certificate.

Adil Katchi
7 years ago

Only the SSL certificate needs to conform to ATS. The key length of the MobiControl Root certificate can continue to be 1024 bits.

Raymond Chan
7 years ago

Then, the follow-up question is this:

Many of my corporate and governmental customers have an internal security policy to phase out 1024-bit certificates in the IT infrastructure. Many asked about migration of their existing v11/v12/v13 1024-bit MobiControl root certificate to 2048-bit. As they have hundreds or thousands of devices enrolled, they cannot tolerate device recall and re-enrollment.

Someone from the Soti support team informed me about the procedure to use MCadmin to install, bind and push the new 2048-bit root certificate to all enrolled devices. However, he hadn't confirmed with me whether or not the old 1024-bit root certificate can eventually be removed from all the migrated devices and from the v11/v12/v13 MobiControl server. Do you have any idea?

If not, the security policy requirement to phase out all 1024-bit certificates is still not met.

Adil Katchi
7 years ago

As this is unrelated to the original question, please start a conversation with Support or Professional Services for assistance with this matter.
