Step 5b: Exporting the Certification Authority Certificates

2/9/2009

After you obtain the valid Mobile Device Manager Gateway Server certificate, you must export the root certification authority certificate and any subordinate certification authority certificates. The following procedures assume that your root certification authority is offline and inaccessible from the company network. You perform the following procedures from a subordinate certification authority by using the Certification Authority snap-in, or from a desktop or server that has access to the Certification Authority console.

Make sure that you do the following:

  • Name each exported root or subordinate certificate appropriately so that you can easily find it later.
  • Securely transfer the certificates to MDM Gateway Server together with the gateway certificate. You must be able to transfer text files and certificates onto and from MDM Gateway Server.

To export the root certification authority certificate

  1. Open the Certification Authority console from any domain-joined computer or server. This console must be attached to the certification authority, either root or subordinate, that you designated for MDM deployment.

  2. Right-click the name of the certification authority and then select Properties.

  3. In the CA certificates dialog box, choose the General tab, and then select the certificate for the certification authority you want to access.

  4. Choose View Certificate.

  5. In the Certificate dialog box, choose the Certification Authority tab. Select the name of the root certification authority and then choose View Certificate.

  6. In the Certificate dialog box, choose the Details tab and then choose Copy to File.

  7. The Certificate Export Wizard appears. Choose Next.

  8. On the Export File Format page, select the DER encoded binary X.509 (.CER) option.

  9. Choose Next.

  10. In the File to Export box, choose the path and name for the certificate, and then choose Next.

  11. Choose Finish. The .cer file will be created in the location that you specified in the previous step.

  12. A dialog box appears to inform you that the export was successful. Choose OK to finish.

To export subordinate certification authority certificates

  1. Open the Certification Authority console from any domain-joined computer or server.

  2. Right-click the name of the certification authority and then select Properties.

  3. In the CA certificates dialog box, choose the General tab, and then select the certificate for the certification authority you want to access.

  4. Choose View Certificate.

  5. In the Certificate dialog box, choose the Certification Authority tab. Select the name of the subordinate certification authority and then choose View Certificate.

    Important

    You must export all the subordinate certification authority certificates. In the Certificate dialog box, if the View Certificate option for your subordinate certification authority is disabled, choose the Details tab and then go to the next step.

  6. In the Certificate dialog box, choose the Details tab and then choose Copy to File.

  7. The Certificate Export Wizard appears. Choose Next.

  8. On the Export File Format page, choose the DER encoded binary X.509 (.CER) option.

  9. Choose Next.

  10. On the File to Export page, choose the path and name of the certificate, and then choose Next.

  11. Choose Finish. The .cer file will be created in the location that you specified in the previous step.

  12. A dialog box appears to inform you that the export was successful. Choose OK to finish.

  13. Repeat these steps for every subordinate certification authority that is listed on the Certification Authority tab in step 5.
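
The following script is an added example, not part of the original procedure. It checks the files produced by both export procedures before you transfer them: each file is DER encoded, each is a CA certificate, every subordinate's issuer was also exported, and a hash manifest is written for comparison after transfer. It assumes Windows PowerShell 4.0 or later and that all .cer files were saved in one folder; the folder path and manifest file name are hypothetical.

```powershell
# Added example. Assumptions: Windows PowerShell 4.0 or later, and that every
# exported .cer file was saved in one folder (the default path is hypothetical).
param([string]$ExportDir = 'C:\MDMCerts')

$certs = @(foreach ($file in Get-ChildItem -Path $ExportDir -Filter *.cer) {
    # DER output begins with the ASN.1 SEQUENCE tag 0x30; a Base-64 export
    # begins with text instead.
    $bytes = [System.IO.File]::ReadAllBytes($file.FullName)
    $cert  = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $file.FullName
    $bc    = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509BasicConstraintsExtension] }

    [pscustomobject]@{
        File       = $file.Name
        IsDer      = ($bytes.Length -gt 0 -and $bytes[0] -eq 0x30)
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        IsRoot     = ($cert.Subject -eq $cert.Issuer)   # self-issued, matched by name only
        IsCA       = [bool]($bc -and $bc.CertificateAuthority)
        NotAfter   = $cert.NotAfter
        Thumbprint = $cert.Thumbprint
        FileSha256 = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
    }
})

$certs | Format-Table File, IsDer, IsRoot, IsCA, NotAfter, Thumbprint -AutoSize

# Name-based chain check: every non-root certificate needs its issuer in the set.
$subjects = @($certs | ForEach-Object { $_.Subject })
foreach ($c in $certs) {
    if (-not $c.IsDer) { Write-Warning "$($c.File): not DER encoded; export it again with the DER option." }
    if (-not $c.IsCA)  { Write-Warning "$($c.File): Basic Constraints does not mark this as a CA certificate." }
    if (-not $c.IsRoot -and $subjects -notcontains $c.Issuer) {
        Write-Warning "$($c.File): issuer certificate was not exported ($($c.Issuer))."
    }
}

$rootCount = @($certs | Where-Object { $_.IsRoot }).Count
if ($rootCount -ne 1) { Write-Warning "Expected one root certificate, found $rootCount." }

# Manifest to compare against after the files reach MDM Gateway Server.
$certs | Select-Object File, Thumbprint, FileSha256 |
    Export-Csv -Path (Join-Path $ExportDir 'ca-cert-manifest.csv') -NoTypeInformation
```

The chain check compares subject and issuer names only and does not validate signatures. Carry the manifest over a separate channel from the certificate files so that a modified file cannot be accompanied by a matching modified hash.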