Restoring MDM Server Certificates


1. Restore Backup of the Management Utilities

2. Import MDM Trusted Root Certificate

3. Import Personal Apple Push Certificate

4. Import Personal MDM Certificate into IIS Server Certificates

5. Bind Port to SSL Certificate HASH



**PLEASE NOTE** - If you are restoring to a server that has a different IP address than the original, please reconfigure your firewall port forwarding so that the port used by the MDM Server routes to the new IP address. If this is not updated you will lose connectivity to all of your MDM Managed Devices.


Also update your Site Manager IP address in Service if you have changed the IP address.



Importing MDM Trusted Root Certificate



Select Trusted Root Certificate - Right Click to open up the menu, select All Tasks and choose Import




This will open up the Import wizard - press Next




Browse to where you have the certificate you wish to import



Select the certificate file



Press Next



Enter the Password that was used when exporting the certificate, select Mark this Key as Exportable and Include all extended properties




Press Finish to complete the import





Restoring the Apple Push Server Certificate



Select Personal Certificate - Right Click to open up the menu, select All Tasks and choose Import




This will open up the Import Wizard



Browse to where you have the certificate to import - Press Next




Select Place All Certificates in the Personal Certificate Store



Press Finish to complete the Import








Importing the Trusted MDM Server Certificate into the Internet Information Services (IIS) Server Certificates



Open Internet Information Services (IIS) Manager


On the left-hand tree click on the server, then select Server Certificate in the main panel, then select Import on the right-hand menu




Select the Trusted Root MDM Certificate file - enter the password used when exporting the certificate.





Binding MDM Server Port to SSL Certificate Imported


Now that the certificate has been imported, we need to bind the certificate to the port used for the secure MDM Server.


Open up a command shell, running it as administrator



Type in netsh




Now type in the following to bind the certificate ID to the port. Change the port number to the MDM server port used in your configuration; this can be found on the MDM Administration page.


Follow the instructions below to obtain the certhash for your certificate



Open up Notepad and paste in the command line so that you can edit it. When pasting into the command shell, check to make sure the ? character is not inserted after the certhash=


http add sslcert ipport=0.0.0.0:18032 certhash=61cbc790c7eb9a9b8df67071f52a70f4af36e96 appid={0482bcfc-e80e-49c7-b83a-8a7750458cae}




To get your certificate cert hash, which is required for the binding command, double click on the MDM Certificate within Trusted Root Certificate




Click on the Details tab and select Thumbprint. Copy these values into Notepad and remove the spaces, then paste into your netsh command.
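
The thumbprint clean-up and binding line from the steps above, as an added PowerShell example that is not part of the original guide. The function names and the sample thumbprints are constructed for illustration; the port and appid are the values shown in this guide's command, and the store location in Test-BindingCertificate is an assumption.

```powershell
# Added example, not part of the original guide. Sample inputs are constructed.

function ConvertTo-CertHash {
    param([Parameter(Mandatory)][string]$Pasted)
    # Keep only hex digits. This drops the spaces from the Thumbprint field and
    # invisible characters such as U+200E (left-to-right mark), which a console
    # can render as '?' right after certhash=.
    $hash = ($Pasted -replace '[^0-9A-Fa-f]', '').ToLowerInvariant()
    # A SHA-1 thumbprint is 20 bytes, so exactly 40 hex digits must remain.
    if ($hash.Length -ne 40) {
        throw "Thumbprint has $($hash.Length) hex digits, expected 40."
    }
    $hash
}

function New-SslCertBindingCommand {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port,
        [Parameter(Mandatory)][guid]$AppId
    )
    $hash = ConvertTo-CertHash -Pasted $Thumbprint
    # Same form as the line typed at the netsh prompt in this guide.
    "http add sslcert ipport=0.0.0.0:$Port certhash=$hash appid={$AppId}"
}

function Test-BindingCertificate {
    # Assumption: the IIS import placed the certificate in the local machine
    # Personal store (Cert:\LocalMachine\My).
    param([Parameter(Mandatory)][string]$Thumbprint)
    $hash = ConvertTo-CertHash -Pasted $Thumbprint
    $cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Thumbprint -eq $hash }
    [bool]($cert -and $cert.HasPrivateKey)
}

# Constructed thumbprint as it might be pasted: leading U+200E plus spaces.
$pasted = "$([char]0x200E)00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33"
New-SslCertBindingCommand -Thumbprint $pasted -Port 18032 `
    -AppId '0482bcfc-e80e-49c7-b83a-8a7750458cae'

# A value with digits lost during editing is rejected before it reaches netsh.
try { ConvertTo-CertHash -Pasted '00112233445566778899aabbccddeeff001122' }
catch { Write-Warning $_.Exception.Message }
```

Run Test-BindingCertificate with your real thumbprint on the restored server before binding; it returns True only when the certificate is present in that store together with its private key.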