After you set up the Datasource, you need to configure the OpenTrust Application to point to the Datasource. In this very specific context, an Application refers to a digital credential, for example, an X.509 certificate.

  1. Click on Applications & Repositories > Applications to navigate to the Applications screen.

  2. Click the Create a new Application of Type: drop-down arrow. The available selections are OpenTrust PKI, OpenTrust PKI – Escrowed Keys, and Certificate Authorities Bundle. These are three different ways to configure the Application Type. This documentation covers OpenTrust PKI and Certification Authorities Bundle. OpenTrust PKI Escrowed Keys is configured in a similar fashion.

Select the OpenTrust PKI Application Type

  1. Select OpenTrust PKI from the drop-down.
  2. Click Create. The Configure an Application window appears.

  3. Enter appropriate information in the fields and then click the Add an SSL client identity button.

  4. The SSL Client identity dialog box appears. Select the Authentication Type radio button. In this example, choose PKCS#12 since you are uploading a P12 (= PFX) file.

  5. Click on the Browse button and navigate to the P12 file containing the “PKI SOAP connector” identity.

    The certificate you need to upload here corresponds to the “PKI SOAP connector identity”. This identity must have been created by the PKI administrator and configured to have access rights to enroll/revoke certificates on all profiles chosen for mobile usage. This certificate need not be integrated into a browser; it is only used server-to-server for strong authentication. You should have received a PFX/P12 file together with the associated password.

  6. Enter the Password you received with the P12 file.

  7. Click Save. The window expands to display the Certificate Management Profile Settings section. This section provides you with the ability to link the Certificate Profile Fields to the Datasource fields.

  8. Click the Profile drop-down and select the profile from the list. Based on the selection, the PKI Version and Type populate automatically, and the Mandatory Fields associated with the Workspace ONE UEM Template are displayed.

  9. Drag and drop the available Data Source Fields from the bottom of the screen to the Mandatory Fields. In this example, they are the Common Name, Organizational Unit, Organization, and Email.

  10. Click Save. This links the OpenTrust Mobile Management Profile to the Data Source fields.
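
The P12 file uploaded in steps 5 and 6 can be checked locally first, so that a wrong password, a missing private key or a nearly expired certificate is caught before it is saved in the Application. The following shell script is an added example, not part of the OpenTrust or Workspace ONE UEM documentation; the names `check_p12` and `make_sample_p12` and the 30-day default are assumptions, and it requires the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example: sanity-check a PKCS#12 identity before uploading it.
# check_p12 and make_sample_p12 are hypothetical helper names.

# check_p12 FILE PASSWORD [MIN_DAYS]  -> 0 when the file is fit to upload
check_p12() {
    p12=$1; pass=$2; min_days=${3:-30}   # 30 days is an assumed threshold
    # Hand the password over via the environment, not the command line.
    cert=$(P12PASS=$pass openssl pkcs12 -in "$p12" -passin env:P12PASS \
               -nokeys -clcerts 2>/dev/null) || {
        echo "FAIL: cannot open $p12 (wrong password or not PKCS#12)" >&2
        return 1
    }
    # The bundle must carry an end-entity certificate ...
    printf '%s\n' "$cert" | openssl x509 -noout -subject -enddate || {
        echo "FAIL: no client certificate in $p12" >&2; return 1
    }
    # ... and the matching private key (piped to grep, never written to disk).
    P12PASS=$pass openssl pkcs12 -in "$p12" -passin env:P12PASS \
        -nocerts -nodes 2>/dev/null | grep -q 'PRIVATE KEY' || {
        echo "FAIL: no private key in $p12" >&2; return 1
    }
    # Reject an identity that expires within MIN_DAYS.
    printf '%s\n' "$cert" |
        openssl x509 -noout -checkend $((min_days * 86400)) >/dev/null || {
        echo "FAIL: certificate expires within $min_days days" >&2; return 1
    }
    echo "OK: $p12"
}

# make_sample_p12 FILE PASSWORD DAYS: build a constructed, self-signed test identity.
make_sample_p12() {
    tmp=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days "$3" \
        -subj "/CN=constructed-soap-connector" \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$tmp/key.pem" -in "$tmp/cert.pem" \
        -out "$1" -passout "pass:$2"
    rc=$?; rm -rf "$tmp"; return $rc
}

# Script usage: sh check_p12.sh connector.p12 'password' [min_days]
if [ $# -ge 2 ]; then check_p12 "$@"; fi
```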

Select the Certification Authorities Bundle Application Type

You can add a bundle of Root and Sub-CA certificates by selecting this kind of application. To be part of a distributable bundle, a CA certificate needs to be trusted first by OpenTrust CMS Mobile. This can be achieved by editing trusted Certification Authorities through Server Management / Trust & Internal Certificates / Trusted External CAs, then selecting the right button Trust an external CA.

  1. Select Certification Authorities Bundle from the drop-down.

  2. Click Create. The Configure an Application window appears.

  3. Enter appropriate information in the fields and then check the appropriate checkbox for the certificate you want to associate with the Application.
  4. Click Save. This links the Certificate to the Application.
  5. The Applications window appears. The new Certification Authorities Bundle appears in the list.
