Managing and installing self-signed CA certificates in an Application Center test environment

Use self-signed certificate authority (CA) certificates in test environments to install applications with Application Center on a mobile device from a secured server.

Parent topic: Configuring Secure Sockets Layer (SSL)

Uploading or deleting a certificate

Before you begin

When you install the Application Center mobile client from OTA (the bootstrap page), the device user must upload and install the self-signed CA file before the Application Center mobile client is installed.

About this task

When you use Application Center for a test installation, the administrator might not have a real Secure Sockets Layer (SSL) certificate available. You might want to use a self-signed CA certificate. Such certificates work if they get installed on the device as root certificate. For the basic concepts of CA certificates and further details about such certificates, see Configuring SSL by using untrusted certificates.

As an administrator, you can easily distribute self-signed CA certificates to devices.

The following procedure focuses mostly on the iOS and Android environments. Support for X.509 certificates comes from the individual mobile platforms, not from IBM MobileFirst Platform Foundation. For more information about specific requirements for X.509 certificates, see the documentation of each mobile platform.

Procedure

Managing self-signed certificates: in your role of administrator of Application Center, you can access the list of registered self-signed CA certificates to upload or delete certificates.

  1. To display Application Center settings, click the gear icon Icon to access Application Center settings..
  2. To display the list of registered certificates, select Self Signed Certificates.
  3. Upload or delete a certificate.
    • To upload a self-signed CA certificate, in the Application Center console, click Upload a certificate and select a certificate file.
      Note: The certificate file must be in PEM file format. Typical file name suffixes for this type of file are .pem, .key, .cer, .cert. The certificate must be a self-signed one, that is, the values of the Issuer and Subject fields must be the same. And the certificate must be a CA certificate, that is, it must have the X509 extension named BasicConstraint set to CA:TRUE.
    • To delete a certificate, click the trash can icon on the right of the certificate file name in the list.

Installing a self-signed CA certificate on a device

About this task

Registered self-signed CA certificates are available through the bootstrap page at http://hostname:portnumber/appcenterconsole/installers.html
Where:
  • hostname is the name of the server that hosts the Application Center console.
  • portnumber is the corresponding port number.

Procedure

  1. Click the SSL Certificates tab.
  2. To display the details of a certificate, select the appropriate registered certificate.
  3. To download and install the certificate on the device, click Install.