Generating the MDM Gateway Server Certificates and Configuration File
2/9/2009
When you upgrade MDM 2008 to MDM 2008 SP1, you can request and install new certificates for the MDM Gateway Server. This process includes installing root and intermediate certification authority certificates. However, you can still use your existing MDM 2008 certificate templates and avoid creating and importing new certificates for the MDM Gateway Server. If you choose to continue to use the earlier MDM 2008 certificate templates, you must not remove them from your certification authority, or MDM Gateway Server certificate renewal will fail.
Also, the MDM Gateway Server references an XML-based certificate template object identifier list to permit or deny network traffic through its interfaces. MDM component communication, such as the Gateway Central Management (GCM) service, must use certificates that have object identifiers that match the XML-based reference list to communicate with the MDM Gateway Server. This allows for one MDM instance to be separate from another MDM instance. The XML file is called the MDM Gateway Server configuration file. The process of creating the XML file is required.
Important
At this time you must take your MDM Gateway Servers offline so that they are no longer receiving managed device communication. You will place them back online after you are finished with the next step, Upgrading an MDM Gateway Server to MDM 2008 SP1.
The instructions on how to create the certificates, install them, and generate the MDM Gateway Server configuration file are located in the MDM 2008 SP1 Deployment Guide in the section Step 5: Installing the MDM Gateway Server. If you choose not to create and install new MDM Gateway Server certificates by using the MDM 2008 SP1 templates, you may proceed to the procedure To create and import the MDM Gateway Server configuration file.
To create and install MDM Gateway Server certificates (Optional)
If you choose to create and install new MDM Gateway Server certificates by using the MDM 2008 SP1 templates, take your MDM Gateway Servers offline so that they are no longer receiving managed device communication.
In the MDM 2008 SP1 Deployment Guide perform the following procedures: Step 5a: Creating the MDM Gateway Certificate Request and Certificate, Step 5b: Exporting the Certification Authority Certificates, and Step 5c: Create and Import Certification Authority Certificate(s) onto the MDM Gateway Server.
To create and import the MDM Gateway Server configuration file (Required)
Take your MDM Gateway Servers offline so that they are no longer receiving managed device communication.
In the MDM 2008 SP1 Deployment Guide, perform the procedure Step 5d: Creating and Importing the MDM Gateway Server Configuration File.
Important
In this procedure you will create the GatewayConfig.xml and import the file onto the MDM Gateway Server. Later, in step Upgrading an MDM Gateway Server to MDM 2008 SP1, you will be asked to locate this file during the MDM Gateway Server upgrade process.