Built-In CA

Introduction

With Relution, you can use integrated certificates.
These certificates are used in many areas, for example SSL/TLS encryption, email security, VPN and Wi-Fi connections, and signing.

In the following instructions, we will create a built-in certification authority (CA) and define a certificate template with variables for assignment. Then we will configure a policy that includes the certificate configuration and assign it to the appropriate devices. This will enable the generation of the certificate for the end devices.

Create built-in CA

In Relution, create the built-in CA under Settings > Certification Authorities > Add. Select Built-In as the type of certification authority from the drop-down menu, then click Generate to create the certificate.

Generate built-in root certificate

Mandatory fields

  • Name

    Name of the certificate.

  • Password

    Password for the root certificate.

  • CN / Common Name

    Usually the domain name.

  • Expiration Date

    10 years are preselected.

Certificate template

The certificate template, created under Settings > Certificate templates > Add, defines the parameters for the certificate.

Mandatory fields

  • Name

    Name of the template.

  • Certification authority

    Select the previously created built-in certificate.

  • Name of the owner

    For example, CN=MyUseCase-${user.email}
    Here you can choose from the variables listed below, such as ${user.name}, ${device.serialnumber} or ${user.email}.

    The free text in CN=MyUseCase should be chosen to match the use case, e.g. VPN or WLAN.

Further options

  • Signature
  • Encryption
  • Subject Alternative Name
    • Directory Name
    • DNS
    • eMail
    • IP Address
    • User Principal Name
    • URI
  • Enable auto-renew (in days)

    A certificate is automatically renewed if the certificate’s expiration date falls within this period.
    30 days are preselected.

  • Period after certificate expires (in days)

    A certificate is no longer valid after this period.
    365 days are preselected.
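
To preview what an owner-name template produces and which certificates the auto-renew setting would pick up, the following added example (not Relution code) expands the placeholders and classifies expiration dates against the 30-day default. The function names, the sample values, the choice to abort on a missing value and the inclusive window boundary are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Placeholder syntax shown on this page: ${user.email}, ${device.serialnumber}, ...
PLACEHOLDER = re.compile(r"\$\{([^}]*)\}")


def expand_owner_name(template, values):
    """Substitute ${...} placeholders; raise instead of emitting an empty field."""
    def substitute(match):
        key = match.group(1)
        if not values.get(key):
            # Assumption: a missing value should stop issuance, so that no
            # certificate is created with a subject like "CN=VPN-".
            raise KeyError(f"no value for ${{{key}}}")
        return values[key]
    return PLACEHOLDER.sub(substitute, template)


def certificate_state(not_after, now, auto_renew_days=30):
    """Classify a certificate against the auto-renew window (30 days preselected)."""
    if now >= not_after:
        return "expired"
    # Assumption: the window is inclusive, so exactly 30 days left means "renew".
    if not_after - now <= timedelta(days=auto_renew_days):
        return "renew"
    return "valid"


# Constructed sample data, not taken from a real Relution instance.
SAMPLE_VALUES = {
    "user.name": "alice",
    "user.email": "alice@example.com",
    "device.serialnumber": "C02EXAMPLE01",
}
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(expand_owner_name("CN=VPN-${user.email}", SAMPLE_VALUES))
    for days_left in (200, 30, 5, -1):
        print(days_left, certificate_state(NOW + timedelta(days=days_left), NOW))
```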

Policy with certificate configuration

For the steps to take effect and a certificate to be created, a policy with a certificate configuration must be created in Relution. Here is an example for iOS:

Go to Devices > Policies > Add and set Platform and Name.

In the created policy, select the configuration Certificate. Enter a name and select the previously created certificate template on the Certificate templates tab.

Likewise, the certificate template can be used for VPN and WLAN configurations.

Validation

The following entry should be created in the Relution device history after distribution:
A certificate for the certificate template $Template was issued by $User.

In addition, the new certificate can be found under Certificates in the device information (provided the device information is up to date).