Hardware reference guide

GlobalProtect Administrator’s Guide
Set Up the Mobile Security Manager for Device Management Set Up the GlobalProtect Mobile Security Manager
Step 4  Import a server certificate for the Mobile Security Manager device check-in interface.

The Common Name (CN) and, if applicable, the Subject Alternative Name (SAN) fields of the Mobile Security Manager certificate must match the IP address or fully qualified domain name (FQDN) of the device check-in interface (wildcard certificates are supported).

Although you could generate a self-signed server certificate for the Mobile Security Manager device check-in interface (Setup > Certificate Management > Certificates > Generate), it is a best practice to use a certificate from a public CA, such as VeriSign or Go Daddy, to ensure that the end devices will be able to connect for enrollment. If you do not use a certificate that is trusted by the devices, you must add the root CA certificate to both the Mobile Security Manager configuration and the corresponding portal client configuration so that the portal can deploy the certificate to the devices as described in Define the GlobalProtect Client Configurations.

To import a certificate and private key, download the certificate and key file from the CA and then make sure they are accessible from your management system and that you have the passphrase to decrypt the private key. Then complete the following steps on the Mobile Security Manager:

1. Select Setup > Certificate Management > Certificates > Device Certificates.
2. Click Import and enter a Certificate Name.
3. Enter the path and name to the Certificate File received from the CA, or Browse to find the file.
4. Select Encrypted Private Key and Certificate (PKCS12) as the File Format.
5. Select the Import private key check box.
6. Enter the path and name to the PKCS#12 file in the Key File field or Browse to find it.
7. Enter and re-enter the Passphrase that was used to encrypt the private key and then click OK to import the certificate and key.
8. To configure the Mobile Security Manager to use this certificate for device check-in:
   a. Select Setup > Settings > Server and then click the Edit icon in the SSL Server Settings section.
   b. Select the certificate you just imported from the MDM Server Certificate drop-down.
   c. (Optional) If the certificate was not issued by a well-known CA, select the root CA certificate for the issuer from the Certificate Authority drop-down, or Import it now.
   d. Click OK to save the settings.

Set Up the Mobile Security Manager for Device Check-In (Continued)
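
A pre-import check for the PKCS#12 bundle used in the steps above, added here as an example and not taken from the GlobalProtect guide: it confirms that the passphrase decrypts the file, that the private key belongs to the certificate, and that the CN/SAN covers the check-in FQDN or IP address. The function name check_p12, the P12_PASS environment variable and the example.com names are assumptions of this example; it requires the openssl command-line tool.

```shell
#!/bin/sh
# Usage: P12_PASS='passphrase' check_p12 bundle.p12 mdm.example.com
# The passphrase is read from the environment so it never appears in argv,
# and the decrypted private key only travels through a pipe, never to disk.
check_p12() {
    p12=$1; target=$2

    # 1. The passphrase must decrypt the bundle and yield the server certificate.
    cert=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nokeys -clcerts 2>/dev/null) \
        || { echo "FAIL: cannot decrypt $p12 with the supplied passphrase"; return 1; }

    # 2. The bundle must carry the private key that belongs to that certificate:
    #    compare the public key in the certificate with the one derived from the key.
    cert_pub=$(printf '%s\n' "$cert" | openssl x509 -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes 2>/dev/null \
        | openssl pkey -pubout 2>/dev/null)
    [ -n "$key_pub" ] && [ "$cert_pub" = "$key_pub" ] \
        || { echo "FAIL: private key missing or does not match the certificate"; return 2; }

    # 3. CN/SAN must match the device check-in address. openssl applies wildcard
    #    rules to host names; an IP address is compared with SAN iPAddress
    #    entries only, so an IP that appears just in the CN will not pass here.
    case $target in
        *:*)       opt=-checkip ;;     # IPv6 literal
        *[!0-9.]*) opt=-checkhost ;;   # anything else with non-digit characters: FQDN
        *)         opt=-checkip ;;     # dotted-quad IPv4
    esac
    printf '%s\n' "$cert" | openssl x509 -noout "$opt" "$target" \
        | grep -q 'does match certificate' \
        || { echo "FAIL: certificate names do not match $target"; return 3; }

    echo "OK: $p12 is usable for $target"
}
```

A non-zero return identifies the failing check: 1 for the passphrase, 2 for the key pair, 3 for the name match.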