Securing Communication using 3rd Party Certificates

Every enterprise needs to encrypt the data that traverses the internet. Using secured communication has not proved to be the most secure way to transmit corporate data, so enterprises have gone a step further and obtain specific third-party certificates such as SSL and PFX. These third-party certificates ensure that the corporate data is encrypted in such a way that only the recipient who owns the certificate can decrypt it. Mobile Device Manager Plus MSP supports SSL and PFX certificates. Adding these certificates to Mobile Device Manager Plus MSP secures the communication between the Mobile Device Manager Plus MSP server and the managed mobile devices.

This certificate is valid for a specified term. If the certificate expires, the communication between the ME MDM app and the MDM MSP server will no longer be secure. You will not be able to manage any mobile devices until you renew the certificate and upload it to the MDM MSP server.

Follow the steps mentioned below to create and upload 3rd Party Certificates:

  1. Create CSR and Key Files
  2. Submit the CSR to a Certificate Authority (CA) to Obtain a CA Signed Certificate
  3. Upload the 3rd party Certificates to Mobile Device Manager Plus MSP

Create CSR and Key Files

To create CSR and Key files, follow the steps mentioned below:

  1. Open a command prompt and change directory to <Product_install_Dir>/apache/bin  
  2. Execute the following command:
    openssl req -new -newkey rsa:2048 -nodes -out server.csr -keyout server.key -config ..\conf\openssl.cnf
  3. Once prompted, enter the information required to generate a CSR. A sample key generation section is as follows:
    Loading 'screen' into random state - done
    Generating a 2048 bit RSA private key
    .....++++++
    ......++++++
    writing new private key to 'server.key'
    -----
    You are about to be asked to enter information that will be incorporated into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields, but you can leave some blank. For some fields there will be a default value, If you enter '.', the field will be left blank.
    -----

    Specify the relevant details below for the SSL certificate

    Country Name (2 letter code) [AU]: <Your 2-letter country code>
    State or Province Name (full name) [Some-State]: <Your state/province>
    Locality Name (eg, city) []: <Your neighbourhood/locality>
    Organization Name (eg, company) []: <Your company name>
    Organizational Unit Name (eg, section) []: <Your OU>
    Common Name (eg, YOUR name) []: <sub-domain.your-domain.com> This should be the same name you use to connect to the client. For example, if you use the FQDN (https://sub-domain.your-domain.com) to access this computer via a browser, specify it the same way here, as sub-domain.your-domain.com.
    Email Address []: Leave as empty
    Please enter the following 'extra' attributes to be sent with your certificate request
    A challenge password []: Leave as empty
    An optional company name []: Leave as empty

This operation creates a key file named server.key and a CSR file named server.csr in the current working directory, <Product_install_Dir>/apache/bin.

Submit the CSR to a Certificate Authority (CA) to Obtain a CA Signed Certificate

  1. Submit the created server.csr to a CA. Check the CA's documentation or website for details on submitting CSRs; the CA will charge a fee for this.
  2. This process usually takes a few days, after which you will receive your signed SSL certificate and the CA's chain/intermediate certificate as .cer files.
  3. Save these files and rename your signed SSL certificate file to server.crt.
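
Before uploading, it helps to confirm that the returned server.crt belongs to the server.key generated earlier, covers the FQDN entered as the Common Name, and is not close to expiry. The script below is an added example, not part of the product documentation; the function names and the 30-day threshold are assumptions, and it expects PEM-encoded files and openssl on the PATH of a POSIX shell.

```shell
#!/bin/sh
# Added example: pre-upload checks for server.key / server.csr / server.crt.
# Function names and the 30-day threshold are assumptions, not product settings.
# Assumes PEM-encoded files and an unencrypted key (the page uses -nodes).

# Print the PEM public key held in a private key, CSR or certificate.
pubkey_of() {   # $1 = key|csr|crt, $2 = file
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# Succeed only if both files carry the same, non-empty public key.
same_keypair() {   # $1 type, $2 file, $3 type, $4 file
    a=$(pubkey_of "$1" "$2") || return 2
    b=$(pubkey_of "$3" "$4") || return 2
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed if the certificate is still valid $2 days from now.
valid_for_days() {   # $1 = certificate, $2 = days
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Succeed if the certificate covers the FQDN that devices connect to.
# -checkhost reports the result as text, so the output is matched.
matches_host() {   # $1 = certificate, $2 = FQDN
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q 'does match'
}

preflight() {   # $1 = key, $2 = certificate, $3 = FQDN
    same_keypair key "$1" crt "$2" || { echo "FAIL: $2 does not belong to $1"; return 1; }
    matches_host "$2" "$3"         || { echo "FAIL: $2 does not cover $3"; return 1; }
    valid_for_days "$2" 30         || { echo "FAIL: $2 expires within 30 days"; return 1; }
    echo "OK: $2 matches $1, covers $3 and is valid for more than 30 days"
}

# Usage: sh preflight.sh server.key server.crt sub-domain.your-domain.com
if [ $# -eq 3 ]; then preflight "$@"; fi
```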

Upload the 3rd party Certificates to Mobile Device Manager Plus MSP

  1. On the web console, click Admin tab
  2. Under Security Settings, click Import SSL Certificates
  3. Browse to upload the certificate that you have received from the vendor (CA). The certificate will be in .crt format for SSL certificates and in .pfx format for PFX certificates.
    1. If you upload a .crt file, you will be prompted to upload the server.key file. After uploading server.key, you will be prompted to upload the intermediate certificate. If you choose Automatic, the intermediate certificate will be detected automatically. However, when the intermediate certificate is detected automatically, only one certificate will be detected. If you want to use your own intermediate certificate, or upload more than one intermediate certificate, choose Manual and upload them manually.
    2. If you choose to upload a .pfx file, you will be prompted to enter the password provided by the vendor.
  4. Click Save to import the certificate.

You have successfully imported the third-party certificates to the Mobile Device Manager Plus server. These certificates will be used only when "HTTPS" mode is enabled for communication. To enable HTTPS mode, click the Admin tab, choose Server Settings, and enable it under General Settings. The communication between the Mobile Device Manager Plus MSP server and the agents is now secure.

 


 

Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine