Skip to content

Request an SSL/TLS certificate

The SSL Certificate Wizard lets you create an SSL/TLS certificate for the Sophos Mobile EAS proxy.

Run the SSL Certificate Wizard from the %MDM_HOME%\tools\Wizard folder, or download it from the Sophos Licensing Portal.

Restrictions

If you use a self-signed certificate or a certificate that is issued by your own certificate authority (CA), the following restrictions apply:

  • You must manually install the self-signed certificate or your CA certificate on your devices before you enroll them with Sophos Mobile. If you do not do this, the Sophos Mobile Control app will not trust your server and will refuse to connect.

    Certificates issued by a globally trusted CA do not require this manual installation.

  • You can’t install Android apps from APK files that are hosted on the Sophos Mobile server.

  • You can’t use Android zero-touch enrollment or Samsung Knox Mobile Enrollment.
  • If you use a self-signed certificate that was not created by the Sophos Mobile Configuration Wizard or the SSL Certificate Wizard, see the Apple document Requirements for trusted certificates in iOS 13 and macOS 10.15.

Request certificate

To request your SSL/TLS certificate, run the Sophos Mobile SSL Certificate Wizard.exe file to start the SSL Certificate Wizard.

The assistant guides you through installation. Enter the required information, considering the following instructions:

  1. On the Upload CSR page, you can click the Open CSR button to open the CSR file if your certificate vendor supports copy and paste.
  2. On the Import Certificate Files page, enter the CA certificate downloaded on the Upload CSR page into the Select CA certificate file field.
  3. On the Certificate created page, the location of the certificate created is shown. You need to refer to this location when setting up Sophos Mobile.

Note

You should create a backup of the folder containing the certificate files.