Introduction:
Digital certificates are essential for verifying identity and securing connections between network devices. They are an electronic form of authentication vouched for by a trusted third party, the certificate authority (CA). Organizations use them to ensure that only authorized users and devices can reach their networks, confirming the identity of the device and of its user.
Although a certificate itself is public and can be freely distributed, the identity it belongs to (the certificate together with its private key) must be protected: whoever holds the private key can authenticate, sign, or decrypt as that identity. Identities are commonly used for authentication, digital signing, or encryption.
The certificate and identity formats supported by Apple devices include:
- Certificate: .cer, .crt, .der, .pem
- Identity: .pfx, .p12
Certificates can be deployed to Apple devices manually or through a Mobile Device Management (MDM) solution. Apple's configuration profiles provide a certificate payload for distribution, and platforms such as IBM's MaaS360 use that payload to manage and distribute certificates to devices enrolled in MDM.
What is a PKCS certificate?
A PKCS certificate refers to a digital certificate handled according to one of the Public Key Cryptography Standards (PKCS), a family of standards originally published by RSA Security (RSA Laboratories) with other industry participants to promote interoperable public key infrastructure (PKI). Each PKCS standard defines a specific format or practice, such as how RSA keys are encoded or how a certificate and its private key are bundled into one file. Certificates managed this way:
- Enable secure communication by authenticating identities and encrypting data.
- Support digital signatures, SSL/TLS, and secure email (S/MIME).
- Are commonly used in enterprise environments to authenticate users, devices, or applications.
In summary, a PKCS certificate follows these widely adopted standards so that cryptographic operations are secure and interoperable across vendors.
Common PKCS Standards Related to Certificates and supported by MDM:
- PKCS1 - PKCS#1 is not a certificate format but the standard for RSA: the algorithm, its padding schemes, and the ASN.1 encoding of RSA public and private keys (the `RSA PRIVATE KEY` PEM block). An X.509 certificate for an RSA key carries a PKCS#1-encoded public key inside its SubjectPublicKeyInfo; when MDM products label a .der/.crt/.cer/.pem file "PKCS1", they mean a certificate file that contains no private key.
- PKCS12 - A PKCS#12 (.pfx or .p12) file bundles a private key with its X.509 certificate, usually together with the issuing chain, under a password, ready for import into servers such as IIS, Apache Tomcat, or Exchange, or onto a managed device as an identity. Generating a Certificate Signing Request (CSR) is often a stumbling block for customers securing their servers. Some Certificate Authorities (CAs) remove that step by generating the key pair on the customer's behalf and returning key and certificate together as a PKCS#12 file, so no CSR has to be produced. The trade-off is that the private key then exists outside the device it will identify, so the strength of the file's password and the security of its delivery channel become part of that identity's security.
Requirement:
To associate services with a specific identity, configure a certificate payload and then set up the desired service, such as Wi-Fi or VPN, within the same configuration profile. For example, a certificate payload can be used to provision an identity for the device, while a Wi-Fi payload in the same profile can be configured for WPA2 Enterprise/EAP-TLS authentication using the device certificate created by the certificate payload.
Certificates and identities generated outside MaaS360, for example by the organization's own CA or tooling, in formats such as .der, .crt, .cer, .pem, .pfx, and .p12, can be added to the certificate payload and distributed via MDM.
Certificate Renewal: MaaS360 manages the lifecycle of the identity certificates it provisions, including renewal before expiry. Certificates that were generated outside MaaS360 and uploaded into a payload are not renewed automatically; tracking their expiry and uploading replacements remains the administrator's responsibility.
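The distinction the sections above draw between a trust (CA) certificate, a bare certificate file, an identity, and a PKCS#1-encoded key is easy to see in code. The following Go program is an added example written for this page, not MaaS360 or Apple code: it builds a self-signed CA (the trust certificate an MDM pushes to devices), issues a client-authentication identity for one device (what the certificate payload provisions for EAP-TLS), shows the same certificate in its PEM and DER forms and the key in its PKCS#1 form, checks that the key in an identity actually belongs to its certificate, and performs the server-side chain check a RADIUS or VPN server does against the corporate CA. The CA name and device ID are constructed placeholders. The .p12 container itself is not produced because Go's standard library has no PKCS#12 encoder; the `Identity` struct stands in for its contents.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// Identity is the content of a .p12/.pfx: certificate plus private key; a .cer/.pem file is only Cert.
type Identity struct {
	Cert *x509.Certificate
	Key  *rsa.PrivateKey
}

// create generates an RSA key and a certificate for tmpl signed by parent (self-signed when nil).
func create(tmpl *x509.Certificate, parent *Identity) (Identity, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Identity{}, err
	}
	issuer, signer := tmpl, interface{}(key)
	if parent != nil {
		issuer, signer = parent.Cert, parent.Key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, issuer, &key.PublicKey, signer)
	if err != nil {
		return Identity{}, err
	}
	cert, err := x509.ParseCertificate(der)
	return Identity{Cert: cert, Key: key}, err
}

// newCA builds the self-signed trust (CA) certificate that the MDM pushes to devices.
func newCA(name string) (Identity, error) {
	return create(&x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(5 * 365 * 24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign,
	}, nil)
}

// issueDeviceIdentity has the CA sign a clientAuth certificate for one device: the per-device identity.
func issueDeviceIdentity(ca Identity, deviceID string, serial int64, validFor time.Duration) (Identity, error) {
	return create(&x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: deviceID},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(validFor),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}, &ca)
}

// CertPEM is the .crt/.pem form of a certificate; c.Raw is its .cer/.der form.
func CertPEM(c *x509.Certificate) []byte { return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: c.Raw}) }

// KeyPKCS1PEM encodes the RSA private key per PKCS#1: a key encoding, not a certificate format.
func KeyPKCS1PEM(k *rsa.PrivateKey) []byte {
	return pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)})
}

// ParseCertFile accepts DER or PEM, as Apple devices do for .cer/.der/.crt/.pem; the result has no private key.
func ParseCertFile(data []byte) (*x509.Certificate, error) {
	if block, _ := pem.Decode(data); block != nil {
		if block.Type != "CERTIFICATE" {
			return nil, fmt.Errorf("expected a CERTIFICATE block, got %s", block.Type)
		}
		data = block.Bytes
	}
	return x509.ParseCertificate(data)
}

// KeyMatchesCert checks the bundled key belongs to the certificate; a mismatch only surfaces at the TLS handshake.
func KeyMatchesCert(id Identity) bool {
	pub, ok := id.Cert.PublicKey.(*rsa.PublicKey)
	return ok && pub.N.Cmp(id.Key.N) == 0 && pub.E == id.Key.E
}

// VerifyDeviceCert is the RADIUS/VPN server side of EAP-TLS: chain to the trusted CA and require clientAuth.
func VerifyDeviceCert(presented, ca *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := presented.Verify(x509.VerifyOptions{Roots: roots, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	return err
}

func main() {
	ca, _ := newCA("Example Corp Device CA")                             // constructed CA name
	dev, _ := issueDeviceIdentity(ca, "device-0001", 2, 90*24*time.Hour) // constructed device ID
	fmt.Println("key matches cert:", KeyMatchesCert(dev), "| chains to corporate CA:", VerifyDeviceCert(dev.Cert, ca.Cert) == nil)
}
```

Two checks in this example are the ones worth running on real material before a payload goes out: `KeyMatchesCert` catches an identity bundle assembled from the wrong key, which installs cleanly but never authenticates, and `VerifyDeviceCert` against the CA certificate you actually distribute in the trust payload catches a device certificate issued by a different CA than the one the RADIUS or VPN server trusts.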
How MaaS360 distributes user certificates using the MDM policy certificate payload:
Types of certificates that can be configured include:
- Trust or CA Certificates - PKCS1 (.der, .crt, .cer, .pem), PKCS12 (.pfx, .p12). In this list PKCS1 denotes a certificate file without a private key and PKCS12 one that includes it; a trust anchor needs only the public certificate, so use the PKCS12 form only where the private key is genuinely required on the device.
- Identity Certificates - Certificates generated for devices and users by the Certificate Authority (CA), delivered together with their private keys.
Ways to distribute trusted certificates include:
- Policy Files Section – Upload and configure PKCS1 and PKCS12 certificates.
- Certificate Payload in Policy – Upload and configure PKCS1 and PKCS12 certificates.
- Certificate Upload from Wi-Fi Payload – Upload and configure PKCS1 certificates through the Wi-Fi payload.
Benefits:
- Compliance – Helps organizations adhere to regulatory and data protection requirements.
- Better User Experience – Eliminates the need for users to manually enter their username and password.
- Centralized Certificate Management – Facilitates managing certificates from a single point of control.
- Shared Certificates – Enables the use of a single certificate across multiple services.
- Improved Security – Secures access to corporate resources, including VPNs and Wi-Fi networks.
- Encrypted Communication – Ensures secure, encrypted data transfer between devices and corporate resources, such as VPN and Wi-Fi networks.
Conclusion:
With centralized certificate management and certificate-based authentication over secure channels, organizations can ensure that devices connect to and authenticate against corporate resources without user intervention. MaaS360 simplifies certificate delivery, saving time and resources while strengthening overall security, and gives organizations a better user experience, stronger security, and simpler compliance.
If you're seeking a simpler, streamlined user experience with improved security and seamless compliance, MaaS360 is the go-to solution!