Configure Secure Sockets Layer (SSL)

Learn about configuring SSL for the Application Center on supported application servers and the limitations of certificate verification on mobile operating systems.

We can configure the Application Center with SSL or without SSL, unless you intend to install applications on iOS devices. For iOS applications, configure the Application Center server with SSL.

SSL transmits data over the network in a secured channel. We must purchase an official SSL certificate from an SSL certificate authority. The SSL certificate must be compatible with Android, iOS, and BlackBerry OS 6 and 7. Self-signed certificates do not work with the Application Center.

When the client accesses the server through SSL, the client verifies the server through the SSL certificate. If the server address matches the address filed in the SSL certificate, the client accepts the connection. For the verification to be successful, the client must know the root certificate of the certificate authority. Many root certificates are preinstalled on Android, iOS, and BlackBerry devices. The exact list of preinstalled root certificates varies between versions of mobile operating systems.

You should consult the SSL certificate authority for information about the mobile operating system versions that support its certificates.

If the SSL certificate verification fails, a normal web browser requests confirmation to contact an untrusted site. The same behavior occurs when we use a self-signed certificate that was not purchased from a certificate authority. When mobile applications are installed, this control is not performed by a normal web browser, but by operating system calls.

Some versions of Android, iOS, and Windows Phone operating systems do not support this confirmation dialog in system calls. This limitation is a reason to avoid self-signed certificates or SSL certificates not suited to mobile operating systems. On Android, iOS, and Windows Phone operating systems, we can install a self-signed CA certificate on the device to enable the device to handle system calls with respect to this self-signed certificate. This practice is not appropriate for Application Center in a production environment, but it may be suitable during the testing period. See Configure SSL using untrusted certificates.

• Configure SSL for WAS full profile
  Request a Secure Sockets Layer (SSL) certificate and process the received documents to import them into the keystore.

• Configure SSL for Liberty profile
  Create a keystore, import the Secure Socket Layer (SSL) certificate, and edit the server.xml file to configure SSL on Liberty profile.

• Configure SSL for Apache Tomcat
  Create a keystore, import the Secure Socket Layer (SSL) certificate, and edit the conf/server.xml file to define a connector for SSL on Apache Tomcat.

Parent topic: Install the application center