Restoring MDM Server Certificates

1. Restore Backup of the Management Utilities

2. Import MDM Trusted Root Certificate

3. Import Personal Apple Push Certificate

4. Import Personal MDM Certificate into IIS Server Certificates

5. Bind Port to SSL Certificate HASH

**PLEASE NOTE** - If you are restoring to a server that has a different IP address than the original, please reconfigure your firewall port forwarding so that the port used by the MDM Server routes to the new IP address. If this is not updated you will lose connectivity to all of your MDM Managed Devices.

Also update your Site Manager IP address in Service if you have changed the IP address.

Importing MDM Trusted Root Certificate

Select Trusted Root Certificate - Right Click to open up the menu, select All Tasks and choose Import

This will open up the Import wizard - press Next

Browse to where you have the certificate you wish to import

Select the certificate file

Press Next

Enter the Password that was used when exporting the certificate, select Mark this Key as Exportable and Include all extended properties

Press Finish to complete the import

Restoring the Apple Push Server Certificate

Select Personal Certificate - Right Click to open up the menu, select All Tasks and choose Import

This will open up the Import Wizard

Browse to where you have the certificate to import - Press Next

Select Place All Certificates in the Personal Certificate Store

Press Finish to complete the Import

Importing the Trusted MDM Server Certificate into the Internet Information Services (IIS) Server Certificates

Open Internet Information Services (IIS) Manager

In the left-hand tree click on the server, then select Server Certificate in the main panel, then select Import in the right-hand menu

Select the Trusted Root MDM Certificate file - enter the password used when exporting the certificate.

Binding MDM Server Port to SSL Certificate Imported

Now that the certificate has been imported, we need to bind the certificate to the port used for the secure MDM Server

Open a command shell as administrator

Type in netsh

Now type in the following to bind the certificate ID to the port - change the port number to the MDM server port used in your configuration - this can be found on the MDM Administration page

Follow the instructions below to obtain the certhash for your certificate

Open Notepad and paste in the command line so that you can edit it. When pasting into the command shell, check that a ? character has not been inserted after certhash=

http add sslcert ipport= certhash=61cbc790c7eb9a9b8df67071f52a70f4af36e96 appid={0482bcfc-e80e-49c7-b83a-8a7750458cae}

To get the cert hash for your certificate, which is required for the binding command, double click on the MDM Certificate within Trusted Root Certificate

Click on the Details tab and select Thumbprint - copy these values into Notepad and remove the spaces - then paste into your netsh command
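
The following PowerShell is an added example, not part of the original instructions or the MDM product. It cleans a thumbprint copied from the Details tab (spaces and the invisible character that appears as ? in the shell), checks that the certificate is usable, and prints the netsh command to run. The sample thumbprint, port 8443, the 0.0.0.0 address and the LocalMachine\My store are assumptions; the appid is the one shown in the command above.

```powershell
# Constructed sample: a thumbprint as copied from the Details tab, with spaces
# and a leading invisible U+200E mark (the character that shows up as "?").
$raw   = "$([char]0x200E)00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33"
$port  = 8443                                      # assumption: use your MDM server port
$appId = '{0482bcfc-e80e-49c7-b83a-8a7750458cae}'  # appid from the command on this page

function ConvertTo-CertHash {
    param([Parameter(Mandatory)][string]$Thumbprint)
    # Drop everything that is not a hex digit: spaces, U+200E, a stray "?".
    $hash = ($Thumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($hash.Length -ne 40) {
        throw "Expected 40 hex characters (SHA-1 thumbprint), got $($hash.Length)."
    }
    return $hash
}

$certHash = ConvertTo-CertHash -Thumbprint $raw

# Assumption: the IIS import placed the certificate in the machine Personal
# store. The binding needs the private key, so check for it before binding.
$cert = Get-ChildItem -Path "Cert:\LocalMachine\My\$certHash" -ErrorAction SilentlyContinue
if (-not $cert)               { throw "Certificate $certHash not found in LocalMachine\My." }
if (-not $cert.HasPrivateKey) { throw "Certificate $certHash has no private key." }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate expired on $($cert.NotAfter)." }

# Assumption: 0.0.0.0 binds the port on all IPv4 addresses of the server.
# Review the printed command, then run it from an elevated command shell.
$cmd = "netsh http add sslcert ipport=0.0.0.0:$port certhash=$certHash appid=$appId"
Write-Output $cmd
```

After binding, `netsh http show sslcert` lists the current bindings so you can confirm the hash and port.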