Kaspersky Security Center

Configuring a reserve iOS MDM Server certificate

April 8, 2024

ID 210607

The iOS MDM Server functionality enables you to issue a reserve certificate. This certificate is intended for use in iOS MDM profiles, to ensure seamless switching of managed iOS devices after the iOS MDM Server certificate expires.

If your iOS MDM Server uses a default certificate issued by Kaspersky, you can issue a reserve certificate (or specify your own custom certificate as reserve) before the iOS MDM Server certificate expires. By default, the reserve certificate is automatically issued 60 days before the iOS MDM Server certificate expiration. The reserve iOS MDM Server certificate becomes the main certificate immediately after the iOS MDM Server certificate expiration. The public key is distributed to all managed devices through configuration profiles, so you do not have to transmit it manually.

To issue an iOS MDM Server reserve certificate or specify a custom reserve certificate:

  1. In the console tree, in the Mobile Device Management folder, select the Mobile Device Servers subfolder.
  2. In the list of Mobile Device Servers, select the relevant iOS MDM Server, and on the right pane, click the Configure iOS MDM Server button.
  3. In the iOS MDM Server settings window that opens, select the Certificates section.
  4. In the Reserve certificate block of settings, do one of the following:
    • If you plan to continue using a self-signed certificate (that is, the one issued by Kaspersky):
      1. Click the Issue button.
      2. In the Activation date window that opens, select one of the two options for the date when the reserve certificate must be applied:
        • If you want to apply the reserve certificate at the time of expiration of the current certificate, select the When current certificate expires option.
        • If you want to apply the reserve certificate before the current certificate expires, select the After specified period (days) option. In the entry field next to this option, specify the duration of the period after which the reserve certificate must replace the current certificate.

        The validity period of the reserve certificate that you specify cannot exceed the validity term of the current iOS MDM Server certificate.

      3. Click the OK button.

      The reserve iOS MDM Server certificate is issued.

    • If you plan to use a custom certificate issued by your certification authority:
      1. Click the Add button.
      2. In the File Explorer window that opens, specify a certificate file in the PEM, PFX, or P12 format, which is stored on your device, and then click the Open button.

      Your custom certificate is specified as the reserve iOS MDM Server certificate.

You have a reserve iOS MDM Server certificate specified. The details of the reserve certificate are displayed in the Reserve certificate block of settings (certificate name, issuer name, expiration date, and the date the reserve certificate must be applied, if any).

See also:

About Kaspersky Security Center certificates

Adding a configuration profile

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.