Last modified on 15 February 2016, at 08:07

Install UBIK Client Certificate

Revision as of 08:07, 15 February 2016 by KNO (Talk | contribs) (Android)

This how-to describes how to set up a client certificate to enable a secure channel to the web service.

[edit]

Android

Manual installation

One can add server certificates to the UBIK® Android application () in addition to the pre-installed certificates, using a button in the Info menu.

  1. Copy the certificate to your device's SD card where you can find it easily.
  2. Open the UBIK Android application.
  3. Press the Home button in the Action Bar.
  4. Press the Info button in the drop-down menu.
  5. On the Info screen, press the Install Certificate button.
  6. Select a file browser in order to select the certificate file.
  7. Choose the certificate file you earlier copied to the device's SD card.

If the adding was successful, a toast message confirming the installation will appear. Else, the toast's text will indicate an error.

The certificate will be stored in a BouncyCastle keystore on the device's file system (path: SD-Card/UBIK/Certificates). This means you can copy this keystore and reuse it on another device by pasting it there!

IC Attention.pngA file browser app has to be installed on your device in order to select the certificate file from the SD-card.

Automatic Import

One can place certificate files in a predefined folder in order for them to be imported automatically when the app () starts up the next time. The folder depends on the app:

<sd-card>/Android/data/com.augmensys.ubik.<custom_app>/files/cert

Certificate list

Certificate List
Certificate List

In the Info screen (), there is a button Show certificates that opens a list of all installed certificates, displaying their subject and expiry date.

IC Attention.pngThe certificate has to be provided as a X.509 DER encoded file, e.g. *.cer
IC Hint square.pngThe certificate will remain on the device even if the application is reinstalled.

WinX / Web

The clients, either WinX or Web, need to have a certificate installed if the connection to the web service should use secure communication (HTTPS). This certificate can either be a root authority certificate or any other valid certificate enabling a secured connection between the web service and the clients.

If you already have a valid (authorized) certificate available you can use this on the clients and web service. Otherwise you can create a certificate as described in Create UBIK Web Service Certificates.

A machine, hosting the UBIK® Web Client application needs to have the certificate installed as well.

Install Root Authority Certificate

To import the certificate, start the certificate manager by entering Manage computer certificates in the Windows Start Screen (alternatively, start the program certmgr):

  1. Go to section Trusted Root Certification Authorities and open the context menu.
  2. Click on All Tasks
  3. Use Import... to import the Root Certificate provided as *.cer file.
    Windows Certificaties Manager

See also