Built-In CA

Introduction

With Relution, you can use integrated certificates.
These certificates are used in many areas, for example SSL/TLS encryption, email security, VPN and WiFi connections, and signing.

In the following instructions, we will create a built-in certification authority (CA) and define a certificate template with variables for assignment. Then we will configure a policy that includes the certificate configuration and assign it to the appropriate devices. This will enable the generation of the certificate for the end devices.

Create built-in CA

In Relution, create the built-in CA under Settings > Certification Authorities > Add. Select Built-In as the type of certification authority from the drop-down menu. Click Generate to create the certificate.

Generate built-in root certificate

Mandatory fields

  • Name

    Name of the certificate.

  • Password

    Password for the root certificate.

  • CN / Common Name

    Usually the domain name.

  • Expiration Date

    10 years are preselected.

Certificate template

The certificate template (Settings > Certificate templates > Add) defines the parameters for the certificate.

Mandatory fields

  • Name

    Name of the template.

  • Certification authority

    Select the previously created built-in certificate.

  • Name of the owner

    For example: CN=MyUseCase-${user.email}
    Here you can choose from the variables listed below, such as ${user.name}, ${device.serialnumber} or ${user.email}.

Further options

  • Signature
  • Encryption
  • Subject Alternative Name
    • Directory Name
    • DNS
    • eMail
    • IP Address
    • User Principal Name
    • URI
  • Enable auto-renew (in days)

    A certificate is automatically renewed if the certificate’s expiration date falls within this period.
    30 days are preselected.

  • Period after certificate expires (in days)

    A certificate is no longer valid after this period.
    365 days are preselected.
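
A pre-deployment check for the owner name template described above, as an added example that is not part of Relution or its documentation: it expands a template such as CN=MyUseCase-${user.email} against sample records and reports empty variables, values that need DN escaping, and subjects that several devices would share. The substitution and escaping model, the helper names and the sample records are assumptions made for this illustration; only the variable names come from this page.

```python
import re
from collections import defaultdict

VAR = re.compile(r"\$\{([a-z.]+)\}")   # ${user.email}, ${device.serialnumber}, ...
DN_SPECIAL = set(',+"\\<>;')           # must be escaped in a DN value (RFC 4514)

def resolve_subject(template, record):
    """Expand the template for one record; return (subject, problems)."""
    problems = []

    def expand(match):
        key = match.group(1)
        value = record.get(key)
        if not value:
            problems.append(f"unresolved variable {key}")
            return match.group(0)          # leave the placeholder visible
        if DN_SPECIAL & set(value):
            problems.append(f"{key} contains DN special characters")
        return "".join("\\" + c if c in DN_SPECIAL else c for c in value)

    return VAR.sub(expand, template), problems

def review_template(template, records):
    """Report empty variables, unsafe values and subjects shared by several devices."""
    findings, by_subject = [], defaultdict(list)
    for rec in records:
        serial = rec["device.serialnumber"]
        subject, problems = resolve_subject(template, rec)
        by_subject[subject].append(serial)
        findings += [(serial, p) for p in problems]
    for subject, serials in by_subject.items():
        if len(serials) > 1:
            findings.append((",".join(serials), f"shared subject {subject}"))
    return findings

# Constructed sample inventory: one user with two devices, one user without an e-mail.
RECORDS = [
    {"user.name": "alice", "user.email": "alice@example.com", "device.serialnumber": "SN001"},
    {"user.name": "alice", "user.email": "alice@example.com", "device.serialnumber": "SN002"},
    {"user.name": "Doe, Jane", "user.email": "", "device.serialnumber": "SN003"},
]

if __name__ == "__main__":
    for tpl in ("CN=MyUseCase-${user.email}",
                "CN=MyUseCase-${user.name}-${device.serialnumber}"):
        print(tpl)
        for who, issue in review_template(tpl, RECORDS):
            print("  ", who, "->", issue)
```

With the constructed records, the e-mail-only template gives both of one user's devices the same subject, while adding ${device.serialnumber} makes each subject unique per device.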

Policy with certificate configuration

For the steps to take effect and a certificate to be created, a policy with a certificate configuration must be created in Relution. Here is an example for iOS:

Select Devices > Policies > Add, then set Platform and Name.

In the created policy, select the configuration Certificate. Enter a name and select the previously created certificate template on the Certificate templates tab.

Validation

The following entry should be created in the Relution device history after distribution:
A certificate for the certificate template $Template was issued by $User.

In addition, the new certificate can be found under Certificates in the device information (provided the device information is up to date).