How to replace an expiring SSL certificate and MDM profile signing key for Symantec Mobility

Article ID: 178615

Updated On:

Products

Mobility Suite

Issue/Introduction

 

Resolution

Content:

How to replace an expiring SSL certificate
Re-sign the mobile device management (MDM) certificate

Note: To replace an expiring SSL certificate, replace the sign.crt, sign.key and gd_bundle.crt files in the /usr/local/nukona/certs/configurator/ directory with the new ones.

How to replace an expiring SSL certificate

  1. Follow HOWTO110248 to transfer the three new certificate files to each Mobility front end (FE), renaming them as necessary to match the names below. If the SSL certificate provided by the certificate authority (CA) is in PFX (PKCS personal exchange) format, follow HOWTO106999 to extract the three required certificates.

    /usr/local/nukona/certs/configurator/sign.crt
    Note: This is the PEM formatted public SSL certificate.

    /usr/local/nukona/certs/configurator/sign.key
    Note: This is the key file used to generate the certificate signing request (CSR) for the public SSL certificate.

    /usr/local/nukona/certs/configurator/gd_bundle.crt
    Note: This contains a PEM formatted certificate chain, most often just the issuing CA certificate.
     
  2. Enter the following, as root, from the FE:
    sudo /etc/init.d/appcenter-services restart
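
Before the restart in step 2, it is worth confirming that the three new files belong together. The function below is an added example, not part of the original article or the product; it assumes OpenSSL 1.1.0 or later, PEM input and an unencrypted sign.key, and its name, return codes and 30-day threshold are illustrative.

```shell
#!/bin/sh
# Added example: pre-flight check for sign.crt, sign.key and gd_bundle.crt.
# Usage: check_cert_set /usr/local/nukona/certs/configurator [min_days]
# Return codes (illustrative): 0 ok, 2 unreadable file, 3 key mismatch,
# 4 certificate expires too soon, 5 certificate not issued by the bundle.
check_cert_set() {
    dir=$1
    min_days=${2:-30}
    crt="$dir/sign.crt"; key="$dir/sign.key"; chain="$dir/gd_bundle.crt"

    for f in "$crt" "$key" "$chain"; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 2; }
    done

    # 1. sign.key must be the private key behind sign.crt: the public key
    #    derived from the key file has to equal the one in the certificate.
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || crt_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$crt_pub" ] || [ "$crt_pub" != "$key_pub" ]; then
        echo "FAIL: sign.key does not match sign.crt" >&2
        return 3
    fi

    # 2. The replacement must not itself be close to expiry.
    if ! openssl x509 -in "$crt" -noout \
            -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: sign.crt expires within $min_days days" >&2
        return 4
    fi

    # 3. sign.crt must verify against gd_bundle.crt alone. -no-CApath keeps
    #    the system trust directory out of the decision; -partial_chain
    #    accepts a bundle that holds only the issuing (intermediate) CA.
    if ! openssl verify -no-CApath -partial_chain \
            -CAfile "$chain" "$crt" >/dev/null 2>&1; then
        echo "FAIL: sign.crt does not chain to gd_bundle.crt" >&2
        return 5
    fi

    echo "OK: key matches, chain verifies, valid for at least $min_days days"
    openssl x509 -in "$crt" -noout -subject -enddate
}
```

Run it against the directory after copying the files and restart the services only when it returns 0.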

     

Re-sign the mobile device management (MDM) certificate

  1. If the certificate is not already in PKCS format (from step 1 above), run the following OpenSSL command, as root from the FE, to combine the sign.crt, sign.key and gd_bundle.crt files into a single PKCS file:
    openssl pkcs12 -export -out sign.pfx -inkey /usr/local/nukona/certs/configurator/sign.key -in /usr/local/nukona/certs/configurator/sign.crt -certfile /usr/local/nukona/certs/configurator/gd_bundle.crt
  2. Transfer the sign.pfx file to the workstation following HOWTO110248.
  3. Log in to the tenant (https://<tenantFQDN>/admin/login) and navigate to Admin console > Settings > Certificate > Apple / iOS certificates.
  4. Scroll down to the bottom of the page, under MDM profile signing key, click Choose File, browse to the sign.pfx (or PKCS file provided by the CA) and click Open.
  5. Scroll back to the top of the page and click .