Add Private Server Certificates and Authorities to Any App

Security-conscious organizations use SSL so their applications can validate the authenticity of servers and use encryption to secure the communication. IT administrators can create and sign an SSL certificate using their private CA to allow managed devices and applications to validate and access authorized private servers.

This Knowledge Base article provides step-by-step instructions for using Appdome to add SSL Certificates which were signed by a Private CA to any Android and iOS mobile app. This enables security-conscious enterprises to provide their users secure mobile access to protected internal services.

Add Private Server Certificates and Authorities to Any App without coding

The Appdome Private Server Certificates and Authorities adapter makes it easy for apps to be loaded with private CA public certificates during Fusion and allow connections to private servers.

Appdome also allows you to Auto-Pin Trusted Domains, a feature which automatically downloads and pins all server certificates from connections that the app establishes, which is particularly helpful for testing purposes.

The Appdome technology automatically adds the server certificates and the relevant handling to the application and encrypts them using a highly secure mechanism, with no manual development work at all. Using Appdome, there are no development or coding prerequisites. For example, there is no Appdome SDK, libraries, or plug-ins to implement. Likewise, there are no required infrastructure changes and no dependency on HTTP frameworks or any other networking library inside the application.

What is Needed for SSL to Work?

To get started with SSL, administrators submit their certificate signing requests (CSR) containing their contact, company, and server information, to a CA.
The CA validates this information and generates SSL certificates, signed with the CA’s private key, that are loaded onto the servers. Now any application that has the CA’s public certificate can validate the server and establish an encrypted connection between the app and the server.
In particular, SSL is used when you make HTTPS connections, such as from a web browser. IT administrators have a choice to use public or private CAs.

An advantage of using a public CA is that trusted root authority public CA certs come pre-installed on iOS, Android, and web browsers. Thus, any client can open an SSL connection to any server with a certificate from a trusted public CA. The disadvantage is that producing a trusted certificate from a public CA is costly and not always necessary.

Using a private CA doesn’t require the cost of a public CA certificate, but has the downside that clients accessing the servers would normally not accept connections to non-verified servers. Normally, an attempt made by a mobile app to open a secure connection to a private server without a properly installed certificate will fail with an error like the one shown here.

Figure 1: Example of an SSL error on a mobile device

This is because the mobile operating system cannot validate the authenticity of the private CA that signed the SSL certificate on the server.

Appdome allows you to get around the private CA problem by adding the self-signed certificates to the app during Fusion.

Prerequisites for using Appdome Private Server Certificates and Authorities

To use Appdome’s no-code implementation of Private Server Certificates and Authorities, you’ll need:

  • Appdome account
  • Mobile App (.ipa for iOS, or .apk or .aab for Android)
  • Public certificate of the Private CA, any Intermediate CA certs if used, and the privately signed SSL certificate that is loaded on the destination server, all in DER format. These are typically .cer or .crt files (not .pem files, which are in Base64 format).
  • Add these to a zip file and give it a name of your choice like Private-Certs-DER.zip and note the location. This zip file will be uploaded to Appdome in following steps.
    Note: The zip file can contain multiple CA and SSL server certs.  
  • Signing Credentials (e.g., signing certificates and provisioning profile)
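
A pre-upload check for the DER requirement above, as an added example that is not Appdome's own code: it converts any PEM input to DER, rejects files that are not a single DER-encoded structure, and builds the zip in memory. The function names and `SAMPLE_DER` (constructed placeholder bytes, not a real certificate) are assumptions made for illustration.

```python
import io
import ssl
import zipfile

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"

# Constructed placeholder: a DER SEQUENCE header (0x30, long-form length 256)
# followed by 256 zero bytes. It has the outer shape of a certificate only.
SAMPLE_DER = bytes([0x30, 0x82, 0x01, 0x00]) + bytes(256)


def is_single_der_sequence(data: bytes) -> bool:
    """Shallow check: data is exactly one DER SEQUENCE, as an X.509 cert is."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    if data[1] < 0x80:  # short form: the length fits in this byte
        header, body = 2, data[1]
    else:  # long form: the low 7 bits give the number of length bytes
        n = data[1] & 0x7F
        if n == 0 or n > 4 or len(data) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(data[2:2 + n], "big")
    return len(data) == header + body


def to_der(data: bytes) -> bytes:
    """Return DER bytes, converting from PEM (Base64 text) when needed."""
    if data.lstrip().startswith(PEM_HEADER):
        data = ssl.PEM_cert_to_DER_cert(data.decode("ascii").strip())
    if not is_single_der_sequence(data):
        raise ValueError("not a single DER-encoded certificate")
    return data


def build_cert_zip(certs: dict[str, bytes]) -> bytes:
    """Normalize each certificate to DER and pack them all into one zip."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in certs.items():
            stem = name.rsplit(".", 1)[0]
            zf.writestr(stem + ".cer", to_der(data))
    return buf.getvalue()


if __name__ == "__main__":
    pem = ssl.DER_cert_to_PEM_cert(SAMPLE_DER).encode("ascii")
    bundle = build_cert_zip({"private-ca.pem": pem, "server.crt": SAMPLE_DER})
    print(zipfile.ZipFile(io.BytesIO(bundle)).namelist())
```

With real files, read each certificate's bytes from disk, pass them to `build_cert_zip`, and write the result to a file such as Private-Certs-DER.zip. The structural check catches Base64 text and truncated files; it does not validate the certificate chain.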

How to Add Private Server Certificates and Authorities to Any Mobile App on Appdome

Follow these step-by-step instructions to add Private Server Certificates and Authorities to Any Mobile App:

Upload a Mobile App to Your Account

Please follow these steps to add a mobile app to your Appdome account.
If you don’t have an Appdome account, click here to create an account.

Select the Build Tab. Note: a blue underline will appear showing the step is active.
Beneath the Build Tab, you will find several service options. Select Access. Note: a blue highlight will appear showing the category is active.

To enable Certificate Pinning:

  1. Open the Appdome Access Suite section
  2. Click and expand Private Server Certificates and Authorities
  3. Toggle Certificate Pinning on
  4. Add your certificates zip file
  5. Click Build My App

To enable Auto-Pin Trusted Domains:

    1. Open the Appdome Access Suite section
    2. Click and expand Private Server Certificates and Authorities
    3. Toggle Auto-Pin Trusted Domains on
    4. Click Build My App

Note: Auto-pin is mutually exclusive with manually pinning certificates; selecting one will toggle the other off.

The certificate chain will be validated based on the certificates you specify during your Fusion. The technology behind Build My App has two major elements: (1) a microservice architecture filled with 1000s of code sets needed for mobile integrations, and (2) an adaptive code generation engine that can recognize the development environment, frameworks and methods in each app and match the app to the relevant code sets needed to add certificates to the mobile app and validate them, in seconds. One example is the technology for trusting specific private CAs inside an app, work that a developer would ordinarily need to do.

Congratulations! You now have a mobile app fully integrated with Private Server Certificates and Authorities.

After Adding Private Server Certificates and Authorities to a Mobile App on Appdome

After you have added Private Server Certificates and Authorities to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.

Add more Context™ to the Appdome-Built App

Appdome is a full-featured mobile integration platform. Within Context™, Appdome users can brand the app, including adding a favicon to denote the new service added to the app.
For more information on the range of options available in Context™, please read this knowledge base article.

Sign the Private Server Certificates and Authorities Enabled Appdome Built App (Required)

In order to deploy an Appdome-built app, it must be signed. Signing iOS apps and Signing Android apps are easy using Appdome. Alternatively, you can use Private Signing, download your unsigned app and sign locally using your own signing methods.

Deploy the Appdome-Built App to a Mobile Device

Once you have signed your Appdome-built app, you can download it and deploy it using your distribution method of choice. For more information on deploying your Appdome-built apps, please read this knowledge base.

That is it – Enjoy Appdome’s Private Server Certificates and Authorities in your app!

How Do I Learn More?

Request a demo at any time.

If you have any questions, please send them our way at support@appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to make mobile integration easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Paul Levasseur