For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.
Managing and installing self-signed CA certificates in an Application Center test environment
Use self-signed certificate authority (CA) certificates in test environments to install applications with Application Center on a mobile device from a secured server.
Parent topic: Configure Secure Sockets Layer (SSL)
Uploading or deleting a certificate
Before you begin
When we install the Application Center mobile client from OTA (the bootstrap page), the device user must upload and install the self-signed CA file before the Application Center mobile client is installed.
When we use Application Center for a test installation, the administrator might not have a real Secure Sockets Layer (SSL) certificate available. You might want to use a self-signed CA certificate. Such certificates work if they get installed on the device as root certificate.
As an administrator, we can easily distribute self-signed CA certificates to devices.
The following procedure focuses mostly on the iOS and Android environments. Support for X.509 certificates comes from the individual mobile platforms, not from IBM MobileFirstā¢ Platform Foundation. For more information about specific requirements for X.509 certificates, see the documentation of each mobile platform.
Procedure
Managing self-signed certificates: in your role of administrator of Application Center, we can access the list of registered self-signed CA certificates to upload or delete certificates.
- To display Application Center settings, click the gear icon .
- To display the list of registered certificates, select Self Signed Certificates.
- Upload or delete a certificate.
- To upload a self-signed CA certificate, in the Application Center console, click Upload a certificate and select a certificate file.
Note: The certificate file must be in PEM file format. Typical file name suffixes for this type of file are .pem, .key, .cer, .cert. The certificate must be a self-signed one, that is, the values of the Issuer and Subject fields must be the same. And the certificate must be a CA certificate, that is, it must have the X509 extension named BasicConstraint set to CA:TRUE.
- To delete a certificate, click the trash can icon on the right of the certificate file name in the list.
Install a self-signed CA certificate on a device
Registered self-signed CA certificates are available through the bootstrap page at http://hostname:portnumber/appcenterconsole/installers.html
Where:
- hostname is the name of the server that hosts the Application Center console.
- portnumber is the corresponding port number.
Procedure
- Click the SSL Certificates tab.
- To display the details of a certificate, select theĀ appropriate registered certificate.
- To download and install the certificate on the device, click Install.