Andy D 0 Posted October 14, 2018 Share Posted October 14, 2018 HI There, I have rolled out the MDM 7 appliance (CentOS) to a client and we would like to change the certificate to a publicly signed SSL certificate. I can find documentation for changing the cert on Windows, but nothing specific to the appliance and I really dont want to break it. Can someone point me in the direction of installing and changing the certificate here? Regards, Andy Denley Old Engineer. Link to comment Share on other sites More sharing options...
ESET Staff Mirek S. 18 Posted October 30, 2018 ESET Staff Share Posted October 30, 2018 Hello, HTTPS certificate can be changed via MDM policy and process is for 7.X same in Windows and Linux installations. You probably refer to certificate chain installation into windows certificate store, this is not required on Linux or 7.X Windows as we changed TLS implementation from native to ours. Please be aware of certificate requirements for iOS (ensure that issuer you buy the certificate from has required attributes) https://help.eset.com/esmc_install/70/en-US/mobile.html specifically, SHA-256 signature is required, other requirements are met by MDM 7.X https://help.eset.com/era_install/65/en-US/certificate_mdm_https_requirements.html specifically, hostname properties Apple devices are picky about certificates and it's better to ensure hostname is present as DNS name in Subject Alternative Names extension _and_ as Common Name certificate requirements for MDM 7.X from 7.X we require root CA certificate inside configured pkcs12 (pfx file), we use CA certificate to install trust onto devices. you can import issuer root CA certificate into pkcs12 via OpenSSL or other tools, issuers typically don't include root CA certificate in pkcs12 they provide. HTH Link to comment Share on other sites More sharing options...
Recommended Posts