Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Changing MDM web console certificate from 1024 to 2048-bit RSA key

    • Updated:
    • 13 Mar 2020
    • Product/Version:
    • Mobile Security for Enterprise 9.8
    • Platform:
    • Windows 2012 Server
    • Windows 2012 Server R2
    • Windows 2016 Server

By default, the Mobile Device Management (MDM) web console currently uses only 1028-bit RSA key.
Learn how to change the certificate to 2048-bit key.

1024-bit key


To replace the Mobile Security console certificate:

A Local Communication Server (LCS) is required to have the tools for generating a new certificate (OpenSSL). You do not need to use the LCS, but it will be necessary in certificate creation.
  1. Prepare a 2048-bit public key by using a third-party key, or by generating a new public key from the Local Communication Server as shown below.
    1. Go to <installation path>\Trend Micro\Communication Server\.
    2. Copy the following files to a new folder outside the Local Communication Server (e.g. Desktop):
      • gencert.bat
      • libeay32.dll
      • openssl.exe
      • openssl_gencert.cnf
      • ssleay32.dll
    3. Open the gencert.bat file in a text editor.
    4. Under "generate private key and CSR" section, change "openssl genrsa -out mdm-server-key-78ac9037.pem 1024" to "openssl genrsa -out mdm-server-key-78ac9037.pem 2048".
    5. Open cmd.exe and run the following command:

      gencert.bat <openssl path> <common name> <password>

      For example, execute "gencert.bat .\ MDMCert-2048 Pa$$w0rd!" and the new communication-server-cert.p12 file will be created.
  2. On your Mobile Security server, install the certificate.
    1. Open mmc.exe.
    2. Go to File > Add/Remove Snap-in.
    3. Select Certificates from left panel and add to the right.
    4. Select Computer account > Local Computer.
    5. Navigate to Certificates > Personal > Certificate > All Tasks > Import.
    6. Import the created communication-server-cert.p12 file.
  3. On your Mobile Security server, configure IIS to use the certificate.
    1. Open the Internet Information Services (IIS) Manager.
    2. Select MDM Web Site from the left panel.
    3. Under Actions > Edit Site, click Bindings... from the right panel.
    4. Select the https entry and click Edit...
    5. Under SSL certificate, select your imported certificate.
      The certificate name will be the common name assigned during certificate creation. For self-signed certificate, you may encounter a warning message regarding intermediate certificates, just click OK.
    6. Under Manage Website, click Restart.
  4. On your Mobile Security server, restart the master service.
    1. Open services.msc.
    2. Restart the Mobile Security Management Module Service.
  5. Close your browser and then access your MDM web console again.
    The certificate public key should now be changed to 2048-bit RSA.

    2048-bit key

Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.