Restoring MDM Server Certificates
1. Restore Backup of the Management Utilities
2. Import MDM Trusted Root Certificate
3. Import Personal Apple Push Certificate
4. Import the Personal MDM Certificate into IIS Server Certificates
5. Bind Port to SSL Certificate HASH
**PLEASE NOTE** - If you are restoring to a server that has a different IP address than the original, please reconfigure your firewall port forwarding so that the port used by the MDM Server routes to the new IP address - if this is not updated you will lose connectivity to all of your MDM Managed Devices.
Also update your Site Manager IP address in Service if you have changed IP address.
Importing MDM Trusted Root Certificate
Select Trusted Root Certificate - Right Click to open up the menu, select All Tasks and choose Import
This will open up the Import wizard - press Next
Browse to where you have the certificate you wish to import
Select the certificate file
Press Next
Enter the Password that was used when exporting the certificate, select Mark this Key as Exportable and Include all extended properties
Press Finish to complete the import
Restoring the Apple Push Server Certificate
Select Personal Certificate - Right Click to open up the menu, select All Tasks and choose Import
This will open up the Import Wizard
Browse to where you have the certificate to import - Press Next
Select Place All Certificates in the Personal Certificate Store
Press Finish to complete the Import
Importing the Trusted MDM Server Certificate into the Internet Information Services (IIS) Server Certificates
Open Internet Information Services (IIS) Manager
On the left hand tree click on the server - then select Server Certificate in the main panel - then Select Import on the right hand menu
Select the Trusted Root MDM Certificate file - enter the password used when exporting the certificate.
Binding MDM Server Port to SSL Certificate Imported
Now that the certificate has been imported, we need to bind the certificate to the port used for the secure MDM Server.
Open up a command shell and run as administrator
Type in netsh
Now type in the following to bind the certificate ID to the port - change the port number to the MDM server port used in your configuration - this can be found on the MDM Administration page
Follow the instructions below to obtain the certhash for your certificate
Open up notepad and paste in the command line, then you can edit this - when pasting into the command shell, check to make sure the ? character is not inserted after the certhash=
http add sslcert ipport=0.0.0.0:18032 certhash=61cbc790c7eb9a9b8df67071f52a70f4af36e96 appid={0482bcfc-e80e-49c7-b83a-8a7750458cae}
To get your certificate's cert hash, which is required for the binding command, double click on the MDM Certificate within Trusted Root Certificate
Click on the Details tab and select Thumbprint - copy these values into notepad and remove the spaces - then paste into your netsh command
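The thumbprint clean-up and binding command described above can be scripted. This is an added example, not part of the original page or the product: the function names are hypothetical, the sample thumbprint is constructed, and it assumes the stray character shown as ? is the invisible left-to-right mark (U+200E) that the Thumbprint field commonly carries when copied, and that the IIS import placed the certificate in the LocalMachine\My store.

```powershell
# Added example (not from the original page). It only builds the binding
# command and prints it; it does not change any configuration.

function ConvertTo-CertHash {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Keep hex digits only: removes the spaces and any invisible character
    # copied along with the Thumbprint value (the one that shows up as "?").
    $hash = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToLowerInvariant()
    if ($hash.Length -ne 40) {
        throw "Thumbprint must be 40 hex characters, got $($hash.Length)."
    }
    $hash
}

function New-SslCertBindingCommand {
    param(
        [Parameter(Mandatory)][string]$Thumbprint,
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port,
        [Parameter(Mandatory)][guid]$AppId
    )
    $hash = ConvertTo-CertHash -Thumbprint $Thumbprint

    # Assumption: the IIS import placed the certificate in LocalMachine\My.
    $cert = Get-ChildItem -Path Cert:\LocalMachine\My -ErrorAction SilentlyContinue |
        Where-Object { $_.Thumbprint -eq $hash }
    if (-not $cert) {
        Write-Warning "No certificate with thumbprint $hash in LocalMachine\My."
    } elseif (-not $cert.HasPrivateKey) {
        Write-Warning "Certificate $hash was imported without its private key."
    }

    # 'B' formats the GUID with surrounding braces, as in the command above.
    $template = 'netsh http add sslcert ipport=0.0.0.0:{0} certhash={1} appid={2}'
    $template -f $Port, $hash, $AppId.ToString('B')
}

# Constructed sample: a thumbprint as pasted, with a leading U+200E and spaces.
$pasted = "$([char]0x200E)00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33"
New-SslCertBindingCommand -Thumbprint $pasted -Port 18032 `
    -AppId '0482bcfc-e80e-49c7-b83a-8a7750458cae'
```

After running the printed command from an administrator shell, `netsh http show sslcert ipport=0.0.0.0:18032` lists the binding so the certificate hash can be compared with the thumbprint in the certificate store.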