For up-to-date product documentation, see the IBM MobileFirst Foundation Developer Center.
Configure Secure Sockets Layer (SSL)
Learn about configuring SSL for the Application Center on supported application servers and the limitations of certificate verification on mobile operating systems.
We can configure the Application Center with SSL or without SSL, unless you intend to install applications on iOS devices. For iOS applications, we must configure the Application Center server with SSL.
SSL transmits data over the network in a secured channel. You must purchase an official SSL certificate from an SSL certificate authority. The SSL certificate must be compatible with Android and iOS. Self-signed certificates do not work with the Application Center.
When the client accesses the server through SSL, the client verifies the server through the SSL certificate. If the server address matches the address that is filed in the SSL certificate, the client accepts the connection. For the verification to be successful, the client must know the root certificate of the certificate authority. Many root certificates are preinstalled on Android and iOS devices. The exact list of pre-installed root certificates varies between versions of mobile operating systems.
For information about the mobile operating system versions that support its certificates, consult the SSL certificate authority.
If the SSL certificate verification fails, a normal web browser requests confirmation to contact an untrusted site. The same behavior occurs when we use a self-signed certificate that was not purchased from a certificate authority. When mobile applications are installed, this control is not performed by a normal web browser, but by operating system calls.
Some versions of Android, iOS, and Windows Phone operating systems do not support this confirmation dialog in system calls. This limitation is a reason to avoid self-signed certificates or SSL certificates that are not suited to mobile operating systems. On Android, iOS, and Windows Phone operating systems, we can install a self-signed CA certificate on the device to enable the device to handle system calls regarding this self-signed certificate. This practice is not appropriate for Application Center in a production environment, but it can be suitable during the testing period. For details, see Managing and installing self-signed CA certificates in an Application Center test environment.
- Configure SSL for WebSphere Application Server full profile
Request a Secure Sockets Layer (SSL) certificate and process the received documents to import them into the keystore.- Configure SSL for Liberty profile
Create a keystore, import the Secure Socket Layer (SSL) certificate, and edit the server.xml file to configure SSL on Liberty profile.- Configure SSL for Apache Tomcat
Create a keystore, import the Secure Socket Layer (SSL) certificate, and edit the conf/server.xml file to define a connector for SSL on Apache Tomcat.- Managing and installing self-signed CA certificates in an Application Center test environment
Use self-signed certificate authority (CA) certificates in test environments to install applications with Application Center on a mobile device from a secured server.
Parent topic: Configure Application Center after installation