Root certificate configuration (iOS Sophos container policy)
With the Root certificate configuration, you upload a root certificate to a policy. When you assign the policy to a device, the certificate gets installed in the Sophos container.
The Sophos container policy is only available for Sophos Central accounts created before October 1, 2022 and for accounts migrated from an on-premise installation of Sophos Mobile.
You can upload X.509 certificate files in Privacy-Enhanced Mail (PEM) and Distinguished Encoding Rules (DER) encoding.
Commonly used file extensions are:
- PEM encoding:
- DER encoding:
After you add a Root certificate configuration to a policy, you can use it in other configurations of the same policy, for example, as Simple Certificate Enrollment Protocol (SCEP) server certificate in a SCEP configuration.
For a general description of adding configurations to a policy, see Create policy.
To upload a root certificate to a policy, do as follows:
- On the policy’s Edit policy page, click Add configuration > Root certificate.
- Click Upload a file.
Select a file containing a certificate in X.509 format and click Open.
Tip: Instead of using Upload a file, you can drag the certificate file from File Explorer and drop it anywhere in the File area.
After the file is uploaded, the Certificate name field shows the certificate issuer’s Distinguished Name (DN) information.
Click Apply to save the configuration.
- On the Edit policy page, click Save.
To upload more root certificates, add a Root certificate configuration for each certificate to the policy.