Cortado Mobile Solutions

My Tickets
Welcome
Login

Create certificate profile

Using this profile, client certificates can be automatically downloaded to the users’ mobile devices. These certificates can be used for authentication on the Wi-Fi net­work or on the exchange server. Using these profiles, the users’ mobile devices can automatically Exch­ange or Wi-Fi profiles. 

  • First proceed as described here
  • Select Certificate as the profile that you want to add.

The configuration of the certificate profile depends on whether you use Cortado MDM or Cortado Server:

When using Cortado MDM

When using Cortado Server

When using Cortado MDM

Make the following settings:

  • Profile name: Enter the name of the profile.
  • Display name: Enter the name of the profile, as you want it displayed to the users.
  • Use single certificate: Select this option to assign the selected certificate to all users of this profile. In this instance, all users get the same cer­tificate. So you can, for example, distribute an Exchange server’s self-signed root certificate.
  • Use Password: If you are using a password protected client certificate, i.e. .pfx file with a private key, enter it here.

Now you can distribute the newly created profile to users / groups / devices.

  • To do this, select the desired profile in the left-hand column of the management console and click Assign.
  • Now select the users, group templates or devices to whom you want to assign this pro­file. 
Note! You can also assign the profiles under Control Panel→ Users or Group Templates.

When using Cortado Server

Make the following settings:

  • Profile name: Enter the name of the profile.
  • Display name: Enter the name of the profile, as you want it displayed to the users.
  • Use single certificate: Select this option to assign the selected certificate to all users of this profile. In this instance, all users get the same cer­tificate. So you can, for example, distribute an Exchange server’s self-signed root certificate.
  • One certificate for each profile user: In this case, each user receives a cer­tificate issued specifically for him. Select this option and enter the folder in which the certificates for your users are stored. The certificate profile created this way can be selected in a different profile and then allocated to several users. This automatically prompts a query, whether the certificate for the respective user is present in the selected folder. The certificates must first be appropriately named (e.g. user1.pfx or user1@ourdomain.local.pfx).
  • Use Password: If you are using a password protected client certificate, i.e. .pfx file with a private key, enter it here.
  • Microsoft Certificate Enrollment: If you have your own certification authority (CA), you can use this option to automatically roll out client certificates. For this purpose, a corresponding certificate template (Enrollment Agent Template) with autoenrollment permission must be configured.
  • To do so, open the certification authority on your certificate server. In the con­text menu (right mouse click) of Certificate Template click on Manage and then double click on Enrollment Agent. Set the CortadoService account as Enrollment Agent. Give the Cortado admin the required Read and Enroll rights.
  • Open the Certificate Template context menu again and click on NEW and then on Certificate Template to Issue.
  • That makes the template available for the creation of an Enrollment Agent Certificate for the Enrollment Agent (i.e. the CortadoService account) in the next step.
  • Now use the CortadoService account to log on to the Cortado server. Open the certificate store under Certificates (Current User) and click on Personal. Open the context menu and click on All Tasks→ Request New Certificate. Proceed through the Wizard and select Enrollment Agent Template Create a certificate for the CortadoService account.
  • Now open the Management console on the Cortado server again and enter the Certificate thumbprint of the created certificate and the Certificate template name.
  • Further information can be found at Microsoft Technet: https://tech­net.microsoft.com/en-us/library/cc754154.aspx

Note!  After the certificate validity has expired, new certificates are created automatically and distributed to all users and/or devices.

Now you can distribute the newly created profile to users / groups / devices.

  • To do this, select the desired profile in the left-hand column of the management console and click Assign.
  • Now select the users, group templates or devices to whom you want to assign this pro­file. 
Note! You can also assign the profiles under Control Panel→ Users or Group Templates.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.