Can enrolled devices upgraded to the forthcoming iOS12 stay under full control in an old (v10-v13) implementation using 1024-bit MobiControl Root Certificate?
I did read about your article on SSL certificate for IOS12 before I posted my question. However, I'm more concerned about MobiControl root certificate, not the SSL certificate.
Only the SSL certificate needs to conform to ATS. The key length of the MobiControl Root certificate can continue to be 1024 bits.
Then, the follow-up question is this:
Many of my corporate and governmental customers have internal security policy to phase out length 1024-bit certificates in the IT infrastructure. Many asked about migration of their existing v11/v12/v13 length-1024-bit MobiControl root certificate to length-2048-bit. As they have hundreds or thousands of device enrolled, they cannot tolerate device recall and re-enrollment.
Someone from Soti support team informed me about the procedure to use MCadmin to install, bind and push the new 2048-bit root certificate to all enrolled devices. However , he hadn't confirmed with me whether or not the old 1024-bit root certificate can eventually be removed from all the migrated devices and from the v11/v12/v13 MobiControl server. Do you have any idea?
If not, the security policy requirement to phase out all length-1024-bit certificate is still not met.
As this is unrelated to the original question, please start a conversation with Support or Professional Services for assistance with this matter.