Using this profile, client certificates can be automatically downloaded to the users’ mobile devices. These certificates can be used for authentication on the Wi-Fi network or on the Exchange server. Using these profiles, the users’ mobile devices can automatically Exchange or Wi-Fi profiles.
- First proceed as described here.
- Select Certificate as the profile that you want to add.
The configuration of the certificate profile depends on whether you use Cortado MDM or Cortado Server:
When using Cortado MDM
Make the following settings:
- Profile name: Enter the name of the profile.
- Display name: Enter the name of the profile, as you want it displayed to the users.
- Use single certificate: Select this option to assign the selected certificate to all users of this profile. In this instance, all users get the same certificate. So you can, for example, distribute an Exchange server’s self-signed root certificate.
- Use Password: If you are using a password-protected client certificate (i.e. a .pfx file with a private key), enter the password here.
When using Cortado Server
Make the following settings:
- Profile name: Enter the name of the profile.
- Display name: Enter the name of the profile, as you want it displayed to the users.
- Use single certificate: Select this option to assign the selected certificate to all users of this profile. In this instance, all users get the same certificate. So you can, for example, distribute an Exchange server’s self-signed root certificate.
- One certificate for each profile user: In this case, each user receives a certificate issued specifically for them. Select this option and enter the folder in which the certificates for your users are stored. The certificate profile created this way can be selected in a different profile and then allocated to several users. This automatically triggers a check of whether the certificate for the respective user is present in the selected folder. The certificates must first be appropriately named (e.g. user1.pfx or user1@ourdomain.local.pfx).
- Use Password: If you are using a password-protected client certificate (i.e. a .pfx file with a private key), enter the password here.
- Microsoft Certificate Enrollment: If you have your own certification authority (CA), you can use this option to automatically roll out client certificates. For this purpose, a corresponding certificate template (Enrollment Agent Template) with autoenrollment permission must be configured.
- To do so, open the certification authority on your certificate server. In the context menu (right mouse click) of Certificate Template click on Manage and then double click on Enrollment Agent. Set the CortadoService account as Enrollment Agent. Give the Cortado admin the required Read and Enroll rights.
- Open the Certificate Template context menu again and click on New and then on Certificate Template to Issue.
- That makes the template available for the creation of an Enrollment Agent Certificate for the Enrollment Agent (i.e. the CortadoService account) in the next step.
- Now use the CortadoService account to log on to the Cortado server. Open the certificate store under Certificates (Current User) and click on Personal. Open the context menu and click on All Tasks → Request New Certificate. Proceed through the wizard and select Enrollment Agent Template. Create a certificate for the CortadoService account.
- Now open the Management console on the Cortado server again and enter the Certificate thumbprint of the created certificate and the Certificate template name.
- Further information can be found at Microsoft Technet: https://technet.microsoft.com/en-us/library/cc754154.aspx
Note! After the certificate validity has expired, new certificates are created automatically and distributed to all users and/or devices.
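For the "One certificate for each profile user" option, the folder can be checked before the profile is assigned. The following PowerShell script is an added example and not part of the Cortado product or documentation. It verifies that each user has a correctly named .pfx file that opens with the password, contains a private key, is within its validity period and allows client authentication. The folder path, user list, domain and the use of one shared password for all files are assumptions.

```powershell
# Added example: pre-flight check of a per-user certificate folder.
# Folder, user list and domain are constructed sample values, not Cortado defaults.
param(
    [string]   $PfxFolder = 'C:\CortadoCerts',        # hypothetical folder
    [string[]] $Users     = @('user1', 'user2'),      # hypothetical profile users
    [string]   $Domain    = 'ourdomain.local',
    [int]      $WarnDays  = 30
)
$clientAuthOid = '1.3.6.1.5.5.7.3.2'                  # Client Authentication EKU
# Assumption: every .pfx in the folder is protected with the same password.
$password = Read-Host -Prompt 'PFX password' -AsSecureString

function New-Row($User, $File, $NotAfter, $Status) {
    [pscustomobject]@{ User = $User; File = $File; NotAfter = $NotAfter; Status = $Status }
}

$results = foreach ($user in $Users) {
    # Accept both naming schemes: user1.pfx and user1@ourdomain.local.pfx
    $path = @("$user.pfx", ('{0}@{1}.pfx' -f $user, $Domain)) |
        ForEach-Object { Join-Path $PfxFolder $_ } |
        Where-Object { Test-Path -LiteralPath $_ } | Select-Object -First 1
    if (-not $path) { New-Row $user $null $null 'MISSING'; continue }
    $file = Split-Path $path -Leaf
    try {
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($path, $password)
    } catch {
        New-Row $user $file $null 'UNREADABLE (wrong password or damaged file)'
        continue
    }
    # A certificate without an EKU extension is valid for all purposes.
    $eku = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
    $clientAuth = (-not $eku) -or ($eku.EnhancedKeyUsages.Value -contains $clientAuthOid)
    $now = Get-Date
    # Later assignments override earlier ones, so the most severe finding wins.
    $status = 'OK'
    if ($cert.NotAfter -lt $now.AddDays($WarnDays)) { $status = 'EXPIRES SOON' }
    if (-not $clientAuth)                           { $status = 'NO CLIENT AUTH EKU' }
    if ($cert.NotBefore -gt $now)                   { $status = 'NOT YET VALID' }
    if ($cert.NotAfter -lt $now)                    { $status = 'EXPIRED' }
    if (-not $cert.HasPrivateKey)                   { $status = 'NO PRIVATE KEY' }
    New-Row $user $file $cert.NotAfter $status
    $cert.Dispose()                                 # release the loaded key material
}
$results | Format-Table -AutoSize
if (@($results | Where-Object Status -ne 'OK').Count) { exit 1 }
```

The password is read interactively as a SecureString, so it does not end up in the script file or in the command history.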