Verifying that a Certificate Is Trusted by MobileIron Sentry
Appdome is a no-code mobile integration platform as a service (iPaaS), supporting a wide variety of implementations for Android and iOS apps.
This Knowledge Base article explains how to implement Certificate Pinning to verify that a certificate is trusted by MobileIron Sentry.
We hope you find it useful and enjoy using Appdome!
When Fusing apps on Appdome with the MobileIron SDK, you can enable them for Sentry Certificate Pinning.
You will always want to make sure that your client certificate is indeed trusted by your MobileIron Sentry before you Build your app with Sentry Certificate Pinning. This trust is required when apps access your intranet via the MobileIron Sentry tunnel.
Your MobileIron Sentry must be resolvable and accessible over the internet.
Prerequisites for using Appdome for MobileIron Sentry
To use Appdome’s no-code implementation of MobileIron Sentry, you’ll need:
- Appdome account
- Mobile App (.ipa for iOS, or .apk or .aab for Android)
- Application set up to be fused with MobileIron AppConnect SDK; to do that, follow this guide
- Signing Credentials (e.g., signing certificates and provisioning profile)
Steps to Take in MobileIron and MobileIron Sentry Environments
Generate a client certificate using the same Certificate Authority (CA) trusted by your MobileIron Sentry. See below how to locate the trusted CA in your MobileIron Core:
- Export the client certificate as a P12/PFX file
- Import your P12/PFX file into your browser (PC/Mac)
- Navigate to your MobileIron Sentry URL over HTTPS (e.g. https://my.sentry.com)
- The browser will ask for a client certificate to use when connecting to the MobileIron Sentry. Select your imported client certificate from the list.
If the browser continues to the next step your client certificate is trusted by the MobileIron Sentry. Otherwise, it is not trusted.
Optional test: You can use the openssl command line tool to verify the certificate. Note that -connect takes host:port, not a URL:
openssl s_client -cert myCert.pem -key myCert.key -connect my.sentry.com:443 -debug
Once it stops printing certificate information, type an HTTP protocol command to get the main page on that URL and press Enter:
It should give you a bit more binary data, then successfully decrypt the expected HTML page and dump it on the screen.
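The s_client transcript can also show which CAs the server says it accepts for client certificates. The script below is an added example, not Appdome's or MobileIron's code: it compares your certificate's issuer with that list. It assumes the server advertises CA names in its certificate request (not every server does) and that the same openssl build produced both inputs; the function names and the sample transcript are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example. Capture the inputs first (file names are hypothetical):
#   openssl x509 -noout -issuer -in myCert.pem          -> issuer line
#   openssl s_client -connect my.sentry.com:443 </dev/null >transcript.txt 2>&1

# Normalise DN spacing so "C = US, O = X" and "C=US, O=X" compare equal.
norm_dn() {
  sed -e 's/^issuer=//' -e 's/ *= */=/g' -e 's/, */,/g' -e 's/^ *//' -e 's/ *$//'
}

# Print the DNs listed under "Acceptable client certificate CA names".
# The list ends at "---" or at the next "Label: value" line
# (for example "Client Certificate Types: ...").
advertised_cas() {
  awk '
    /^Acceptable client certificate CA names/ { in_list = 1; next }
    in_list && (/^---/ || /^[A-Za-z ]+: /)    { in_list = 0 }
    in_list                                   { print }
  ' "$1" | norm_dn
}

# issuer_accepted ISSUER_DN TRANSCRIPT_FILE
#   returns 0: the issuer is in the advertised list
#           1: CA names were advertised, but the issuer is not among them
#           2: no CA names were sent, so the transcript cannot answer this
issuer_accepted() {
  want=$(printf '%s\n' "$1" | norm_dn)
  cas=$(advertised_cas "$2")
  [ -n "$cas" ] || return 2
  printf '%s\n' "$cas" | grep -Fxq -- "$want"
}

# Constructed sample transcript (not captured from a real server).
sample_transcript() {
  cat <<'EOF'
CONNECTED(00000003)
---
Acceptable client certificate CA names
C = US, O = Example Corp, CN = Example Device CA
C = US, O = Example Corp, CN = Example Root CA
Client Certificate Types: RSA sign, ECDSA sign
Requested Signature Algorithms: RSA+SHA256:ECDSA+SHA256
---
SSL handshake has read 3120 bytes and written 421 bytes
EOF
}
```

A return value of 1 means the certificate was issued by a CA the server does not list, which is the case the browser test above reports as not trusted.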
Appdome Steps to Build Apps with Sentry Certificate Pinning
- Under the Management tab, go to Appdome Mobility Suite and enable Sentry Certificate Pinning as seen below
- Add a private client certificate file for Sentry authentication
- Add your sentry host URL (without https://)
After Adding MobileIron Sentry to a Mobile App on Appdome
After you have added MobileIron Sentry SDK to any Mobile App on Appdome, there are a few additional steps needed to complete your mobile integration project.
Add Context™ to the Appdome-Built App
Appdome is a full featured mobile integration platform. Within Context™, Appdome users can brand the app, including adding a favicon to denote the new service added to the app.
For more information on the range of options available in Context™, please read this knowledge base article.
Sign the AppConfig enabled Appdome-Built App (Required)
In order to deploy an Appdome-Built app, it must be signed. Signing an iOS app and Signing an Android app are easy using Appdome. Alternatively, you can use Private Signing: download your unsigned app and sign it locally using your own signing methods.
Deploy the Appdome-Built App to a Mobile Device
Once you have signed your Appdome-Built app, you can download it and deploy it using your distribution method of choice. For more information on deploying your Appdome-Built apps, please read this knowledge base.
That is it – Enjoy Appdome for AppConfig in your app!