Certificates

Certificates

Hi,

One of my customers is interested in getting more details into the certificates that SOTI mobicontrol uses. I took a look into the utility dashboard and there are all my certificates. When looking into those, I noticed that most of the certificate are sha-1 encrypted. I am on SOTI 13.4. Has Soti already upgraded these certificates to sha-256 in their latest versions?

3 Answers

Order By:   Standard | Newest | Votes
Matt Dermody | posted this 05 February 2019

Yes

  • 0
  • 0
Ben Ragland | posted this 05 February 2019

SOTI v14.0 and up use SHA2 certs. You can choose to downgrade to SHA1 if your devices are not compatible with SHA2.

  • 0
  • 0
Support Staff | posted this 05 February 2019

HI Yannick,

Here are some more details for you regarding your inquiry.  


Communication Security

MobiControl v14 introduces full support for SHA2 certificates for both the MobiControl services and client certificates issued to devices. By default, all new installations will include certificates with a SHA2 signature algorithm while upgraded environments will continue to use the certificates previously bound to the services, no matter the issuer or signature algorithm. After upgrade, you should consider migrating to SHA2 certificates. While there is no SOTI requirement to do so, not migrating has the following implications:

• As the industry deprecates SHA1 certificates further, web browsers may begin to warn that MobiControl is untrusted despite having trust via the MobiControl root certificate

• Communication with MobiControl components is be considered less secure than the SHA2 alternative

 

MobiControl v14 also introduces official support for the exclusive use of TLS 1.2. MobiControl leverages the standard communication frameworks provided by Windows to create secure channels of communication with devices. Refer to the following Microsoft KB article on configuring TLS settings:

https://docs.microsoft.com/en-us/windows-server/security/tls/tls-registry-settings

 

IMPORTANT: Changing TLS and/or certificates can have a catastrophic impact in the communication MobiControl establishes with devices. Making changes without guaranteeing device trust can result in loosing contact with the device. It is strongly encouraged that you consult the SOTI professional service and support teams for guidance in this matter. For example, Windows Mobile/CE does not support TLS 1.2, and only some devices support for SHA2. You cannot migrate to these later technologies if the devices do not support them.

MobiControl Cloud customers may request changes to certificate and TLS settings via SOTI Support

 

Cheers, 

Technical Support | SOTI Inc. |1.905.624.9828 | support@soti.net | www.soti.net |

  • 0
  • 0

Give us your feedback
Give us your feedback
Feedback