Adding an SSL User Identity Certificate to the mobilEcho iOS app

1 Star2 Stars3 Stars4 Stars5 Stars

mobilEcho accepts SSL user identity certificates for authentication with a mobilEcho server or an HTTPS Reverse Proxy server.

If you have enabled certificate authentication as your mobilEcho or HTTPS Reverse Proxy login method, the mobilEcho client app will be automatically challenged for a user identity certificate when it attempts to connect to a mobilEcho server. In order for authentication to take place, an SSL user identity certificate must be added to the mobilEcho client app.

Mobile Device Management (MDM) solutions, including the Apple iPhone Configuration Utility, allow you to add certificates to an iOS device. Certificates added in this way are placed in an Apple specific section of the iOS Keychain and are only available to built in Apple services and applications, such as VPN and the Mail app. In order for the mobilEcho app to get access to a certificate, it must be added to the device through the mobilEcho app itself.

Presently, the process for adding a certificate to mobilEcho requires that the certificate file is transferred to the device and then opened into mobilEcho. The easiest way to perform this is by emailing the certificate file to the user.

To prepare a certificate for mobilEcho:

  1. You must have a certificate authority established with which you will issue certificates. Creating certificates is not a function of mobilEcho.
  2. The certificates you generate must be associated with your users’ Active Directory accounts. mobilEcho will query AD to match these certificates to the relevant user account at the time of authentication. This mapping of certificates to AD user accounts may be handled by your Microsoft Certificate Authority, or may need to be performed manually if you are using another type of certificate authority.
  3. Using your certificate authority, generate a user identity certificate that includes a private key and is in the PFX or P12 format. This certificate will require a password when it is created. This password will need to be entered by the user when the certificate is installed in the mobilEcho client app. This certificate file should have a .PFX or .P12 extension by default.
  4. Once the certificate file has been created, remove its extension completely by deleting the “.PFX” or “.P12” from the file name. This is required so that the file can be opened into mobilEcho using the standard iOS “Open In” function.

To send and install the file using email:

  1. Compose an email to the user and attach the certificate file to the email. Ensure that you’ve removed the extension from the certificate file, as described above.
  2. When the user receives the email on their device, they simply to tap the attached file and choose “Open in mobilEcho” from the pop-up menu.
  3. mobilEcho will start and the user will be prompted to confirm they want to add the certificate to mobilEcho.
  4. The user will then be prompted to enter the private key password
  5. Once the password is entered, the certificate is added to mobilEcho and the client will be able to perform certificate authentication with mobilEcho server and HTTPS reverse proxy server.
  6. The status of the installed certificate can be viewed by opening the Settings menu in the mobilEcho app.