Integration with ManageEngine Mobile Device Manager Plus (MDM)

Overview

Key Manager Plus integrates with ManageEngine Mobile Device Manager Plus (MDM); this integration is achieved through the ManageEngine MDM APIs. Once the integration is done, you can discover and import SSL certificates from the devices managed through your MDM server and store the SSL certificates in the Key Manager Plus repository. You can also deploy SSL certificates from Key Manager Plus to the mobile devices listed in your MDM environment. All the imported SSL certificates are stored in the Key Manager Plus repository, from where you can filter the view based on the OS type such as iOS, Android, Windows, Chrome OS, Mac OS, and Apple tvOS. In addition to that, Key Manager Plus allows you to export instant and periodically scheduled reports of the MDM certificates that are managed in the certificate repository within a selected time period.

1. Prerequisite

2. Discover SSL Certificates from ManageEngine MDM

3. Import and Deploy SSL Certificates

4. Create MDM Certificates Report

1. Prerequisite

The Key Manager Plus - ManageEngine MDM integration requires a valid API key with the necessary permissions. To generate the API server key, follow the below steps in the ManageEngine MDM portal:

1. Navigate to Admin and click Generate Key under API Key Generation.
2. In the pop-up, choose Third-party App as the Application, enter a Service Name, and under Permissions, select the following: CertMgmt (read and write), Devices (read and write), Profiles (read and write).
3. Click Generate Key. Once the new API key is generated, use the copy icon to copy it. This key is necessary to perform certificate discovery in the following discovery steps.

2. Discover SSL Certificates from ManageEngine MDM

Once you have the API server key from the MDM portal, follow the below steps in the Key Manager Plus interface to discover SSL certificates from the devices managed in MDM:

1. Navigate to Discovery >> ManageEngine MDM.
2. Specify the URL of the ManageEngine MDM server and enter the newly generated API Key.
3. Click Import From MDM. Key Manager Plus will establish a secure connection with the MDM server and start importing SSL certificates into the repository.
4. Click Discovery Audit to view the status of the import.

Alternatively, you can also discover and import certificates through the Manage option under SSL >> MDM. This is explained in detail under the subsequent steps.

3. Import and Deploy SSL Certificates

All the SSL certificates discovered from the MDM server are stored in the certificate repository and you can access them from the SSL >> ManageEngine MDM. The ManageEngine MDM tab displays certificate attributes such as the Common Name, Device Name, Issuer, Date of Expiry, Signature Algorithm, and Serial Number. Using the Show drop-down, you can filter the view of the SSL certificates based on the following OS types: iOS, Android, Windows, Chrome OS, Mac OS, and Apple tvOS.

From the ManageEngine MDM tab, you can import, deploy, and manage the SSL certificates discovered from the MDM portal.

3.1 Import SSL Certificates

Follow the below steps to import certificates from the MDM server:

1. If you have not previously discovered certificates through the Discovery tab, navigate to SSL >> MDM and click Manage.
2. In the pop-up that appears, enter the server URL, API server key, and click Save.
3. Click Import From MDM to fetch certificates from the devices in your MDM server.

However, if you have already discovered certificates via the Discovery tab, you can skip this step as your certificates will already be available in Key Manager Plus.

3.2 Deploy SSL Certificates

Key Manager Plus allows you to deploy SSL certificates to the various devices in your MDM server. Follow the below steps:

1. Navigate to SSL >> MDM.
2. Select one or more certificates from the certificates list and click Deploy.
3. In the pop-up that appears, choose a Device Platform, select the required devices from the list of devices associated with your MDM server. Use the checkboxes and select Certificate and/or JKS/PKCS based on your requirement. Click Deploy.
4. To get the deployment status, go to Deploy Audit and click the Get Status option.

Note that the deployment status will not be updated instantly, as ManageEngine MDM puts deployment requests on a queue until the selected device is online. Click the Get Status option whenever you need to get the updated deployment status.

3.3 Show and Delete Certificates

1. You can filter the certificates view using the Show option. Click the Show drop-down and choose the required OS types from the list. The certificates in the table view will be filtered as per your selection.
2. To delete certificates from the table view, select the required certificates using the checkboxes and click Delete from the menu. Click Confirm in the confirmation dialog box.

4. Create MDM Certificates Report

Key Manager Plus offers a provision to export reports of the MDM certificates managed in the Key Manager Plus repository within a selected period. This report provides detailed information on the MDM certificates managed via Key Manager Plus. Additionally, you can schedule periodic generation of MDM certificate reports.

Follow the below steps to create the MDM Certificates Report:

1. Navigate to the Reports tab and click MDM Certificates Report under SSL Reports.
2. This report includes details such as: Common Name, Device Name, Issuer, Date of Expiry, Signature Algorithm, and Serial Number.
3. Click the Show drop-down to filter the report view based on the OS type.
4. Click the Date Filter and choose a time period to view certificates imported within the specified dates.
5. Click the Export drop-down to export this report in PDF & CSV formats, or send via email to the specified recipients.

Click here to learn more about Reports in Key Manager Plus.

Follow the below steps to schedule periodic generation of the MDM certificates report:

1. Go to the Schedule tab.
2. Add a Schedule Name and choose the Schedule Type as Report.
3. Under Report Type, choose MDM Certificates Report.
4. Enter a preferred recurrence type, date and time.
5. Choose a report format and click Save.

Once the schedule is created, Key Manager Plus will periodically generate the MDM Certificates Report on the specified date and time.

Click here to learn more about Schedules in Key Manager Plus.