Netskope Help

Create Certificates in MobileIron Cloud

To configure MobileIron Cloud, you need to create a local standalone CA, or use a 3rd-party CA, and also Identity certificates in MobileIron Cloud.

Create a Standalone CA Certificate

To create a standalone CA certificate:

  1. In the Mobile Iron Cloud admin console, go to Admin > Certificate Authority and click Add.

  2. Click Continue under Create a Standalone Certificate Authority.

  3. Click Actions, and then select Download Certificate.

  4. Note where you saved the certificate.

  5. Open a Mac OS X terminal window, and then openssl to convert the certificate from .cer format to .pem format. To do this, open a terminal window and use openssl to convert the certificate format with this command: sudo openssl x509 -inform der -in cert.cer -out cert.pem

  6. After it's converted, verify the .pem file using this command: cat cert.pem

  7. Upload the certificate to Netskope using the tenant UI. Go to Settings > Security Cloud Platform > Netskope Client > MDM Distribution, and then scroll down the page until you see the Upload Certificate to Netskope section.

  8. Click Upload/Replace Certificate, and then click Select Certificate to locate and select your certificate file.

  9. When finished, click Upload.

  10. When the Preview message box opens, click Save.

Create an Identity Certificate

To create an identity certificate:

  1. In the Mobile Iron Cloud admin console, select Configurations and click Add.

  2. Select Identity Certificate.

    SelectIdentityCert.png
  3. Enter these parameters:

    • Name: Enter a unique name for the certificate.

    • In the Configuration Setup section, select Dynamically Generated from the Certificate Distribution dropdown list.

    • Source: Select the standalone certificate you created.

    • Signature Algorithm: SHA256 with RSA

    • Subject:

      • emailAddress: ${userEmailAddress}

      • CN: ${userEmailAddress}

      • OU: <Tenant OU from the Netskope UI>

      • O: <Organization Name from the Netskope UI>

      • L: <Your city>

      • ST: <Your state> (in two letter format)

      • C: <Your country> (in two letter format)

    • Subject Alternate Name Type: (Optional)

    • Key Size: 2048

  4. Save this configuration and distribute this certificate to relevant devices.

Here's an example of an identify certificate configuration:

IdentityCertConfig.png
Provision Certificates to Devices

To provision certificates to devices:

  1. Locate the Netskope Root certificate you downloaded from the Netskope UI (Settings > Security Cloud Platform > Netskope Client > MDM Distribution).

  2. In the Mobile Iron Cloud admin console, select Configurations and click Add.

  3. Select Certificate, enter a name, and then upload the Netskope Root certificate.

  4. Distribute the certificate configuration to relevant devices.