How to Renew/Replace SSL Certificate on Mobile Iron MDM Server

0608d9febb596d76b881b3c767ef1832_400x400[1]Login to Mobile Iron Mics

Go to Security then Certificate Mgmt

Click Manage Certificates , then Choose Generate CSR , Enter Details and use correct Key Length with the Certificate Provider. After Clicking Generate , copy the CSR Request as well as the private key text into Notepad

Use the CSR to generate a Certificate Request from a Third Party e.g. Digicert.

Download the .CER from the Provider as well as any Root Certs ( DigiCert there is one )

Edit the .CER File in Windows Notepad and add the Private Key Text to the top , as well as the Root Cert text in Order e..g

 

<—-Private key Start—–>

<—-Private key End—–>

<—-Root key Cert Start—–>

<—-Root key Cert End—–>

<—-MDM Certificate key Cert Start—–>

<—-MDM Certificate key Cert Close—–>

Save this as Cert without a file type

Upload this to Mobile Iron’s Client TLS and Portal HTTPS

 

VN:F [1.9.22_1171]
Rating: 8.3/10 (4 votes cast)
VN:F [1.9.22_1171]
Rating: +5 (from 5 votes)
How to Renew/Replace SSL Certificate on Mobile Iron MDM Server, 8.3 out of 10 based on 4 ratings

Tags: CER, Certificate Mgmt, Client TLS, invalid root certificate, Manage Certificates, mobile iron, MobileIron, Portal HTTPS, Renewal, SSL

Trackback from your site.

  • Thanks, helped me a lot, since the mobileiron support site is cr*p

    VA:F [1.9.22_1171]
    Rating: 5.0/5 (1 vote cast)
    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
  • Jeremy

    So … where do I get the Private Key data from? Is it the CSR?

    VA:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
  • Nope , Private key from Mobile Iron , CSR you also get from Mobile iron and give this to a third party e.g. godaddy to generate MDM Certificate

    VN:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    VN:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
  • Arash

    Hi,

    I follow the instructions you provided and now it’s asking me “PKCS12/PFX format requires password. (current filename is XYZ.Crt)” ?

    I didn’t put any password when I generated CSR and Private Key, why is asking for it?!

    Thanks
    Arash

    VA:F [1.9.22_1171]
    Rating: 4.0/5 (1 vote cast)
    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
  • Use a .cer certificate not .CRT

    VN:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    VN:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
  • CameronT

    Hi, I am trying to import the new Root CA and VSP server certificates into the VSP appliance and am getting the same “PKCS12/PFX format requires password..” error, but there was no password in any of the CSR process or in the 3rd party CA responses.
    The above comment saying use CER instead of CRT is not working, because the CRT files I received frmo the CA I have already converted to .CER using the Microsoft Export Wizard. (Base64 I assume, not DER?)
    So what is wrong in my case??

    VA:F [1.9.22_1171]
    Rating: 0.0/5 (0 votes cast)
    VA:F [1.9.22_1171]
    Rating: 0 (from 0 votes)
  • CameronT

    Update: i have managed to get the new certificate to import to the Portal HTTPS and Client TLS certificates successfully!

    The method I used was to separately specify/include each certificate rather than try combine into one file. Viz: the private key (text file), the new server certificate (Base64 .CER), the root CA certificate (Base64 .CER), the intermediate CA certificates (Base64 .CER, not chain/combined), all entered individually.
    otherwise I was getting either the above PKCS12/PFX error (despite not having that format anywhere) or an “invalid root certificate” type message (despite using the identical .CER files to concatenate into the combined file)

    VA:F [1.9.22_1171]
    Rating: 5.0/5 (1 vote cast)
    VA:F [1.9.22_1171]
    Rating: +1 (from 1 vote)