Signing certificates
MobileIron Access uses standard PKI to sign authentication requests and assertions used for federation. A default signing certificate is created for every MobileIron Access instance. If you do not want to use the default certificate, you can generate a new signing certificate in the Access administrative portal or add a PKCS 12 file containing a certificate and private key to use for signing federation messages.
• Adding a signing certificate in MobileIron Access
• Generating a signing certificate in MobileIron Access
Note the following:
• SSL certificates should not be used in lieu of the signing certificate. This use case is not supported.
• You can use the same signing certificate for the SP as well as the IdP.
Adding a signing certificate in MobileIron Access
The following provides the steps for adding a signing certificate in MobileIron Access.
Before you begin
• Ensure that you have a PKCS 12 format file (.PFX or .P12) that contains your signing certificate and corresponding private key.
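A pre-upload check for the PKCS 12 prerequisite above, as an added example that is not part of the MobileIron documentation: it uses the openssl CLI (assumed to be installed) to confirm that the bundle opens with the password and that its private key matches its certificate. The function names, return codes and sample values are illustrative.

```bash
#!/usr/bin/env bash
# Added example: pre-upload check of a PKCS 12 signing bundle (needs the openssl CLI).

# check_p12 FILE PASSWORD
# Return codes: 0 = certificate and matching private key present,
#   1 = cannot open (wrong password or not PKCS 12), 2 = no certificate
#   tied to the key, 3 = no private key, 4 = key and certificate differ.
check_p12() {
    local file="$1" pass="$2" key cert key_pub cert_pub
    # The password is passed through the environment, not argv, so it does
    # not appear in the process argument list.
    key=$(P12_PASS="$pass" openssl pkcs12 -in "$file" -passin env:P12_PASS \
        -nocerts -nodes 2>/dev/null) || return 1
    case $key in *"PRIVATE KEY"*) ;; *) return 3 ;; esac
    # -clcerts keeps only the certificate that belongs to the key, not CA certs.
    cert=$(P12_PASS="$pass" openssl pkcs12 -in "$file" -passin env:P12_PASS \
        -nokeys -clcerts 2>/dev/null) || return 1
    case $cert in *"BEGIN CERTIFICATE"*) ;; *) return 2 ;; esac
    # Compare the public key derived from each half of the bundle.
    key_pub=$(printf '%s\n' "$key" | openssl pkey -pubout 2>/dev/null) || return 4
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null) || return 4
    [ "$key_pub" = "$cert_pub" ] || return 4
    # Show what is about to be uploaded so the administrator can confirm it.
    printf '%s\n' "$cert" | openssl x509 -noout -subject -enddate
    return 0
}

# make_sample_p12 DIR: builds a constructed self-signed bundle for trying the
# check (the subject and password are made-up sample values).
make_sample_p12() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=constructed-signing-sample" \
        -keyout "$1/key.pem" -out "$1/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$1/key.pem" -in "$1/cert.pem" \
        -name signing -passout pass:constructed-pass -out "$1/sample.p12"
}

# Run with --demo to build the constructed sample and check it.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d) && make_sample_p12 "$d" &&
        check_p12 "$d/sample.p12" constructed-pass
    rm -rf "$d"
fi
```
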
Procedure
1. In the service provider or identity provider configuration, click Advanced Options.
2. Click Add a new certificate.
3. Enter the following information:
Item | Description
Certificate Name | Enter an identifying name for the signing certificate.
Certificate Password | Enter the password for the signing certificate.
Choose File | Click to navigate to the location of the certificate or drag and drop the certificate to this location.
4. Click Add Signing Certificate to add the signing certificate.
The certificate is available to select from the Signing Certificate drop-down list.
The certificate is also listed in the Access Certificates tab.
Generating a signing certificate in MobileIron Access
The following provides the steps for generating a signing certificate in MobileIron Access.
Procedure
1. In the service provider or identity provider configuration, click Advanced Options.
2. Click Generate certificate to generate and add the signing certificate.
3. For Certificate Name, enter a name to identify the signing certificate.
4. Click Generate Signing Certificate.
The Certificate Name displays in the Signing Certificate drop-down list.
The certificate is also listed in the Access Certificates tab.