Creating a certificate of mobile devices

You can create the following types of certificates on a user's mobile device:

Mobile certificates for identifying the mobile device
Mail certificates for configuring the corporate mail on the mobile device
VPN certificate for configuring access to a virtual private network on the mobile device

To create a certificate of mobile devices:

In the console tree, select the Mobile Device Management → Certificates folder.
In the workspace of the Certificates folder, click the Add certificate button to start the Certificate Installation wizard.
At the Certificate type step of the wizard, specify the type of certificate that must be installed on the user's mobile device:
- Mobile certificate
  This certificate is needed for identifying the mobile device.
- Mail certificate
  This certificate is needed for configuring the corporate mail on the mobile device.
- VPN certificate
  This certificate is needed for configuring access to a virtual private network on the mobile device.
At the Selecting device type step of the wizard, specify the type of the operating system on the device:
- iOS MDM device
  Select this option if you want to install a certificate on a mobile device that is connected to the iOS MDM Server by using iOS MDM protocol.
- KES device managed by Kaspersky Security for Mobile
  Select this option if you want to install a certificate on a KES device. In this case, the certificate will be used for user identification upon every connection to the Administration Server.
- KES device connected to Administration Server without user certificate authentication
  Select this option if you want to install a certificate on a KES device using no certificate authentication. In this case, at the final step of the wizard, in the User notification method window you must select the user authentication type used at every connection to the Administration Server.
This step is displayed only if you selected Mail certificate or VPN certificate as the certificate type.
At the User selection step of the wizard, select users, user groups, or Active Directory user groups for which you want to create the certificate.
At the Certificate source step of the wizard, select the method by which the certificate is created.
- To create a certificate automatically by using Administration Server tools, select Issue certificate through Administration Server tools.
- To assign a previously created certificate to a user, select the Specify certificate file option. Click the Browse button to open the Certificate window and specify the certificate file in it.
At the Certificate publishing settings step of the wizard, select the Do not notify the user about a new certificate check box if you do not want to notify the user about certificate creation. In this case, the User notification method step will not be displayed.
At the User notification method step of the wizard, configure the settings of mobile device user notification about certificate creation using a text message or via email.
This step is not displayed if you selected iOS MDM device as the device type or if you selected the Do not notify the user about a new certificate option.
1. In the Authentication method field, specify the user authentication type:
  - Credentials (domain or alias)
    In this case, the user employs the domain password or the password of a Kaspersky Security Center internal user to receive a new certificate.
  - One-time password
    In this case, the user receives a one-time password that will be sent by email or by SMS. This password must be entered to receive a new certificate.
    
    This option changes to Password if you enabled (selected) the Allow the device multiple receipts of a single certificate (only for devices with Kaspersky security applications for mobile devices installed) option in the Certificate publishing settings window.
  This field is displayed if you selected Mobile certificate in the Certificate type window or if you selected KES device connected to Administration Server without user certificate authentication as the device type.
2. Select the user notification option:
  - Show authentication password after the wizard finishes
    If you select this option, the user name, user name in Security Account Manager (SAM), and password for certificate retrieval for each of the selected users will be displayed at the final step of the Certificate installation wizard. Configuration of user notification about an installed certificate will be unavailable.
    
    When you add certificates for multiple users, you can save the provided credentials to a file by clicking the Export button at the last step of the Certificate installation wizard.
    
    This option is unavailable if you selected Credentials (domain or alias) at the User notification method step of the Certificate installation wizard.
  - Notify user of new certificate
    If you select this option, you can configure user notification about a new certificate.
    - By email
      In this group of settings, you can configure user notification about installation of a new certificate on his or her mobile device using email messages. This notification method is only available if the SMTP Server is enabled.
      
      Click the Edit message link to view and edit the notification message, if necessary.
    - By SMS
      In this group of settings, you can configure the user notification about using SMS to install a certificate on mobile devices. This notification method is only available if SMS notification is enabled.
      
      Click the Edit message link to view and edit the notification message, if necessary.
At the Generating the certificate step of the wizard, click Done to finish the Certificate Installation wizard.

After the wizard finishes, a certificate is created and added to the list of the user's certificates; in addition, a notification is sent to the user, providing the user with a link for downloading and installing the certificate on the mobile device. You can delete and reissue certificates, as well as view their properties.

Page top