MDM Certificate Management

MDM - Managing Digital Certificates

Almost all enterprises today entertain the use of mobile devices for corporate needs. Mobility of devices also implies mobility of corporate data, so securing corporate data becomes an essential and challenging task for every enterprise. This is where mobile device management comes in: the MDM solution should ensure that access to corporate data is restricted to specific devices and users. Mobile Device Manager Plus simplifies this task by enabling administrators to distribute digitally signed certificates to the managed devices. Corporate resources therefore cannot be accessed from a device that does not have the certificates installed on it. This ensures that corporate data is protected from unauthorized access or attack.

Enterprises get these digitally signed certificates from vendors and configure them on the respective servers, like Exchange Server, VPN and WiFi. These certificates are then added to the Mobile Device Manager Plus certificate repository in order to distribute them to the managed mobile devices. The two types of digitally signed certificates are:

Global Certificates

Administrators get a single certificate from the vendor, and this single certificate can be used to authenticate all the users in the enterprise. This certificate has the privilege to authenticate all the users to access one or more corporate resources like Email, VPN and WiFi. Global certificates need to be configured in the respective servers, like Exchange Server, VPN or WiFi. The certificates should be distributed to all the managed devices. In such cases, only the devices on which the certificate is installed will have permission to access the corporate resource.

User-Specific Certificates

Administrators need to get a certificate from the vendor for every user. Every certificate can be distributed to only one user. Certificates can be used to authenticate the user to access one or more corporate resources like Email, VPN and WiFi. These certificates need to be configured in the respective servers, like Exchange Server, VPN or WiFi. When these certificates are configured in the server, the user details are also specified, so that the certificate can be used only by the user registered in the server. A certificate cannot be distributed to any other user.

User-Specific Certificates work only when the following conditions are met:

  1. Certificates need to be added to the respective corporate servers like Exchange, VPN and WiFi and associated to the users
  2. Certificates need to be added to the Mobile Device Manager Plus Certificate Repository and the user should be specified
  3. Certificates should be added to the profiles that are created
  4. Profiles should be associated to the correct user, to whom the certificates are added.
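
An added example, not part of the original documentation or of Mobile Device Manager Plus: a Python check that cross-references the four conditions above and reports where a user-specific certificate would fail or reach the wrong user. The record layouts, certificate names and users are constructed assumptions, not a product export format.

```python
# Added example: audit the four conditions for user-specific certificates.
# All record layouts and names below are constructed for illustration; they
# are not an export format of Mobile Device Manager Plus or of any server.

def audit_user_certs(server_bindings, repository, profiles):
    """Return sorted (certificate, problem) findings.

    server_bindings: {resource: {cert_name: user}}                condition 1
    repository:      {cert_name: user}                            condition 2
    profiles:        {profile: {"certs": [...], "users": [...]}}  conditions 3, 4
    """
    findings = set()
    in_profile = set()
    for name, profile in profiles.items():
        for cert in profile["certs"]:
            in_profile.add(cert)
            owner = repository.get(cert)
            if owner is None:
                findings.add((cert, f"profile {name}: not in repository"))
                continue
            for user in profile["users"]:
                if user != owner:  # condition 4: profile reaches the wrong user
                    findings.add((cert, f"profile {name}: sent to {user}, owner is {owner}"))
    for cert, owner in repository.items():
        if cert not in in_profile:  # condition 3
            findings.add((cert, "not added to any profile"))
        bound = {res: users.get(cert) for res, users in server_bindings.items()}
        if all(u is None for u in bound.values()):  # condition 1
            findings.add((cert, "not configured on any server"))
        for res, user in bound.items():
            if user is not None and user != owner:  # conditions 1 and 2 disagree
                findings.add((cert, f"{res}: bound to {user}, repository says {owner}"))
    return sorted(findings)

# Constructed sample data.
SERVERS = {"Exchange": {"alice.p12": "alice", "bob.p12": "bob"},
           "VPN": {"alice.p12": "alice", "bob.p12": "carol"}}
REPOSITORY = {"alice.p12": "alice", "bob.p12": "bob", "dave.p12": "dave"}
PROFILES = {"corp-alice": {"certs": ["alice.p12"], "users": ["alice"]},
            "corp-bob": {"certs": ["bob.p12"], "users": ["bob", "erin"]}}

if __name__ == "__main__":
    for cert, problem in audit_user_certs(SERVERS, REPOSITORY, PROFILES):
        print(f"{cert}: {problem}")
```
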

This section explains the stages involved in using Mobile Device Manager Plus to distribute/remove digital certificates.

Adding User-Specific Certificates to Certificate Repository

Administrators can add the Certificates to the Certificate Repository by following the steps mentioned below:

  1. Click MDM Tab
  2. Under Manage, choose Certificate Repository
  3. Choose Global/User-Specific Certificates view
  4. Click Add Certificate and specify the following:
    1. Specify the name of the certificate
    2. Upload the User-Specific Certificate, received from the vendor
    3. Specify the certificate's password
    4. Specify the category of the certificate like, Default or choose the certificate category from the available list. You can also create a new category by clicking on Create New
    5. Specify the User to whom the certificate needs to be associated (this is applicable only for User-Specific Certificate)
  5. Click Add Certificate to add the certificate to the repository.

You can see that the certificate has been added to the Certificate Repository. It can now be used to authenticate users accessing the corporate resources. This ensures that unauthenticated users will be restricted from accessing the corporate data.

Modifying User-Specific Certificates

Administrators can modify the Certificates that have been added to the Certificate Repository by following the steps mentioned below:

  1. Click MDM Tab
  2. Under Manage, choose Certificate Repository
  3. Choose Global/User-Specific Certificates view
  4. Select the Certificate that needs to be modified and click the edit button under Actions. You can modify the following:
    1. Name of the certificate
    2. Latest version of the certificate
    3. Certificate's password
    4. Category of the certificate from the available list. You can also create a new category by clicking on Create New
    5. User to whom the certificate is associated (this is applicable only for User-Specific Certificate)
  5. Click Modify Certificate to save the changes.

You can see that the certificate has been modified in the Certificate Repository. When the certificate is modified, it will be automatically applied to all the profiles, which means it will impact the existing users.  

Various Examples:

  1. A User-Specific certificate named Default_Corporate has the privilege to authenticate users to access WiFi, VPN and Email. If this certificate is modified to restrict the privilege to VPN and WiFi, then users will not be allowed to access VPN and WiFi.
  2. A User-Specific certificate named Default_Corporate has the privilege to authenticate users to access only WiFi. If this is modified to add privileges to access VPN and Email, then it will not benefit the existing users. It will be applied to the users to whom the profile is associated henceforth.
  3. A User-Specific certificate named Default_Corporate has the privilege to authenticate users to access only WiFi. If the user associated with the certificate is modified, then the previous user will be restricted from accessing the corporate resource and the new user will have the privilege to access the corporate resource.

Removing User-Specific Certificates

Administrators can remove the Certificates that have been added to the Certificate Repository by following the steps mentioned below:

  1. Click MDM Tab
  2. Under Manage, choose Certificate Repository
  3. Choose User-Specific Certificates view
  4. Select the Certificate that needs to be removed and click the remove button under Actions.
  5. Click the confirmation message to remove the Certificate from the certificate repository.

You can see that the certificate has been removed from the Certificate Repository. When the certificate is removed, it will impact all the associated users' access to the corporate resources.

Copyright © 2005-2015, ZOHO Corp. All Rights Reserved.
ManageEngine