Here are some more details for you regarding your inquiry.
MobiControl v14 introduces full support for SHA2 certificates for both the MobiControl services and client certificates issued to devices. By default, all new installations will include certificates with a SHA2 signature algorithm while upgraded environments will continue to use the certificates previously bound to the services, no matter the issuer or signature algorithm. After upgrade, you should consider migrating to SHA2 certificates. While there is no SOTI requirement to do so, not migrating has the following implications:
• As the industry deprecates SHA1 certificates further, web browsers may begin to warn that MobiControl is untrusted despite having trust via the MobiControl root certificate
• Communication with MobiControl components is be considered less secure than the SHA2 alternative
MobiControl v14 also introduces official support for the exclusive use of TLS 1.2. MobiControl leverages the standard communication frameworks provided by Windows to create secure channels of communication with devices. Refer to the following Microsoft KB article on configuring TLS settings:
IMPORTANT: Changing TLS and/or certificates can have a catastrophic impact in the communication MobiControl establishes with devices. Making changes without guaranteeing device trust can result in loosing contact with the device. It is strongly encouraged that you consult the SOTI professional service and support teams for guidance in this matter. For example, Windows Mobile/CE does not support TLS 1.2, and only some devices support for SHA2. You cannot migrate to these later technologies if the devices do not support them.
MobiControl Cloud customers may request changes to certificate and TLS settings via SOTI Support
Technical Support | SOTI Inc. |1.905.624.9828 | email@example.com | www.soti.net |
SOTI v14.0 and up use SHA2 certs. You can choose to downgrade to SHA1 if your devices are not compatible with SHA2.