Skip to main content
Matrix42 Self-Service Help Center

Replace SSL Certificate


Silverback utilizes device management protocols that require an established trust relationship between devices and the server. This allows the server to provision and manage your mobile fleet securely. The Silverback web service requires a certificate signed by a certification authority trusted by the devices. The certificate must also match the DNS Name outlined in Section DNS Setup. As the Silverback website certificate is a core requirement for Silverback, please have the *.pfx or *.p12 certificate bundle available for the installation and the renewal process. A full list of Apple trusted certification authorities is available at:

Upload Certificate

  • Renew the SSL Certificate by your vendor or buy a new one from another vendor to receive the new *.pfx or *.p12 certificate bundle
  • Upload your certificate file to your Silverback Server

Import and Bind Certificate

  • Connect via RDP to your Silverback Server
  • Click on the Windows Icon in the Taskbar
  • Launch the Silverback SSL Certificate Tool
  • Switch Certificate Type to Website
  • Switch to Import SSL Certificate tab
  • Enter your SSL Certificate password, e.g. Pa$$w0rd
  • Select Browse and Import certificate
  • Locate and select your new SSL certificate

By default, the open wizard is filtered to *.pfx files. Switch to All files in case your SSL certificate is a *.p12 file. 

Verify Permission and Bindings

Read Permission

  • Open certlm.msc
  • Navigate to Personal > Certificates
  • Locate your new SSL certificate and perform a right-click
  • Select All Tasks > Manage Private Keys
  • Ensure that the Network Service is listed and Read permissions are granted
  • Click OK

IIS Binding

  • Open Internet Information Services (IIS) Manager
  • Expand your Server
  • Expand Sites and Select Silverback
  • Click in the right pane Bindings
  • Double click https
  • Click View
  • Ensure that your new SSL certificate is shown
  • Press Cancel and Close
  • Proceed with Update Payload Certificate

Update Payload Certificate

  • Open your Silverback Management Console
  • Login as Settings Administrator
  • Navigate to Payload
  • Under Profile Signing Certificate, select your new SSL Certificate
  • Press Save

Restart Services

  • Open an administrative command prompt or powershell
  • Type: restart-service w3svc,silv*,epic*
  • Wait until all Services are restarted

Additional Notes

  • Please ensure to have updated your new SSL Certificate as well on your Reverse Proxy
  • Use the DigiCert® SSL Installation Diagnostics Tool to perform a SSL Certificate Check and validate the TLS chain.
  • After replacing your SSL certificate, re-enroll any of your devices and check if you are able to successfully enroll it. 
  • Perform a refresh inside the Silverback Management Console for an available device and check the device communication inside the Pending Commands
  • When you have replaced the SSL certificate, please note that on already enrolled Apple devices, the Signing Certificate inside the Silverback Profile will be shown as expired, but they will still work as usual, as the profile has been signed at the enrollment process. For new devices, the profiles will be signed with the new SSL certificate. 
  • In case you have issue, e.g. when on Apple devices "Invalid Profile" appears, please review all previously made steps and review Troubleshoot Invalid MDM Profiles
  • Add a reminder for the new expiration date in your calendar or enable in Silverback the option to receive Email Alerts to avoid any service interruptions in the future  
  • Was this article helpful?