Step 5a: Creating the MDM Gateway Certificate Request and Certificate
Follow these steps to request, create, and install a certificate for Mobile Device Manager Gateway Server. You perform these procedures from a computer that is running MDM Gateway Server, and any domain-joined server that has access to the certification authority. Complete steps 1 through 5 on MDM Gateway Server. Complete steps 6 and 7 on a domain-joined computer, and then steps 7 and 8 on MDM Gateway Server.
On the server on which you want to install MDM Gateway Server, start Notepad, and then manually type the following information:
[NewRequest]
Subject = "CN=GatewayServerFQDN"
MachineKeySet = True
KeySpec = 1
Note: You must manually type the previous text into Notepad. Do not use Copy and Paste for this procedure. In the Subject field, type the FQDN for MDM Gateway Server. This must match the DNS entry in internal DNS that the MDM Device Management Server uses to connect with MDM Gateway Server. This is the same DNS entry that you enter in the Add MDM Gateway Wizard.
On the File menu, choose Save As, in the File name box, type GatewayCertReq.inf, and then save the file to the desktop.
Open a Command Prompt window and then type the following command:
certreq -new GatewayCertReq.inf GatewayCertReq.txt
Note: At the command prompt, you must first change to the directory where the file GatewayCertReq.inf resides.
The previous command will create the request file, GatewayCertReq.txt. This file should be created and stored in the same directory as the GatewayCertReq.inf file.
Copy the GatewayCertReq.txt file to a domain-joined server. Put the file into any secure directory, open a Command Prompt window, and then move to the directory where GatewayCertReq.txt is located. Type the following command:
certreq -submit -attrib "CertificateTemplate:SCMDMWebServer (<instance name>)" GatewayCertReq.txt GatewayCert.cer
Press ENTER. A dialog box may appear that instructs you to choose a certification authority. In the list, select your designated certification authority and then choose OK. This will create the Gateway certificate. You must put the newly created .cer file on the computer that is running MDM Gateway Server.
On the server on which you want to install MDM Gateway Server, open a Command Prompt window, and then type the following command:
certreq -accept GatewayCert.cer
Note: This command will import the newly created MDM Gateway Certificate into the Personal Certificate Store. At the command prompt, you must first change to the directory where the file GatewayCert.cer resides.
Press ENTER and then close the Command Prompt window.
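The following check is an added example, not part of the original procedure: it confirms that the certificate imported by certreq -accept is in the computer's Personal store, has a private key in the machine key set, and carries the subject typed into GatewayCertReq.inf. The function name Test-GatewayCertificate and the FQDN value are hypothetical placeholders, and the script assumes Windows PowerShell 5.1 and a legacy CSP key.

```powershell
# Added example: verify the certificate installed by "certreq -accept".
# $GatewayFqdn is a constructed placeholder; use the FQDN from the Subject line.
$GatewayFqdn = 'mdmgateway.contoso.example'

function Test-GatewayCertificate {
    param(
        [Parameter(Mandatory = $true)] [string] $Fqdn,
        [string] $StorePath = 'Cert:\LocalMachine\My'   # computer Personal store
    )
    $now = Get-Date
    # The request used Subject = "CN=<FQDN>", so require an exact match.
    $found = @(Get-ChildItem -Path $StorePath |
        Where-Object { $_.Subject -eq "CN=$Fqdn" })
    if ($found.Count -eq 0) {
        Write-Warning "No certificate with subject CN=$Fqdn in $StorePath"
        return
    }
    foreach ($cert in $found) {
        # CspKeyContainerInfo is only available for legacy CSP keys; the
        # getter can throw for other key types, so treat failure as unknown.
        $csp = $null
        try {
            if ($cert.HasPrivateKey -and $cert.PrivateKey) {
                $csp = $cert.PrivateKey.CspKeyContainerInfo
            }
        } catch {
            $csp = $null
        }
        [pscustomobject]@{
            Thumbprint      = $cert.Thumbprint
            Issuer          = $cert.Issuer
            # False means the request was accepted on a different computer
            # or under a different profile than the one that created it.
            HasPrivateKey   = $cert.HasPrivateKey
            # Expected True, from MachineKeySet = True in the .inf file.
            MachineKeyStore = if ($csp) { $csp.MachineKeyStore } else { $null }
            # Expected 1 (key exchange), from KeySpec = 1 in the .inf file.
            KeySpec         = if ($csp) { [int]$csp.KeyNumber } else { $null }
            InValidity      = ($cert.NotBefore -le $now -and $now -le $cert.NotAfter)
            # Builds the chain with default policy; can be False if the
            # issuing CA is untrusted or revocation data is unreachable.
            ChainBuilds     = $cert.Verify()
        }
    }
}

Test-GatewayCertificate -Fqdn $GatewayFqdn | Format-List
```

More than one result for the same subject usually means an earlier certificate is still in the store; compare thumbprints before selecting one in the MDM Gateway setup.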