The Android agent must have the CA certificate inside the application when configuring the Secure Sockets Layer (SSL). The CA certificate is stored in a BKS (bouncycastle) file. Follow the steps given below to create and generate a BKS file:
...
Generate the BKS file:
Info Ensure that you have the
bcprov-jdk16-1.46.jar
file in the same folder where you will be generating the BKS file before you run this command.Code Block keytool -noprompt -import -v -trustcacerts -alias 'openssl x509 -inform PEM -subject_hash -noout -in ca_cert.pem' -file ca_cert.pem -keystore truststore.bks -storetype BKS -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk16-1.46.jar -storepass 'wso2carbon'
If you are using an SSL certificate by a trusted authority such as GoDaddy, the
cert.crt
defined in the command should be the interim certificate.
Example:Code Block keytool -noprompt -import -v -trustcacerts -alias godaddy -file cert.crt -keystore truststore.bks -storetype BKS -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk16-1.46.jar -storepass 'wso2carbon'
Optionally, view the list of certificates in the BKS form using the following command:
Code Block keytool -list -v -keystore "truststore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "bcprov-jdk16-1.46.jar" -storetype BKS -storepass "wso2carbon"
- Copy the generated
truststore.bks
file to the<EMM_SOURCE_HOME>/modules/mobile-agents/android/client/iDPProxy/src/main/res/raw
directory and replace the original file. - Navigate to the
<EMMM_SOURCE_HOME>/modules/mobile-agents/android/client/client/src/main/java/org/wso2/emm/agent/utils/Constants.java
file, which is in the Android folder and configure the following:- Provide the
HTTPS_HOST_IP
as the value for theSERVER_PORT
parameter.
Example:9443
. - Change the
SERVER_PROTOCOL
tohttps://
. - Provide the BKS file password as the value for the
TRUSTSTORE_PASSWORD
parameter.
Code Block title Sample public static boolean DEBUG_MODE_ENABLED = false; public static boolean LOCAL_NOTIFICATIONS_ENABLED = true; public static boolean GCM_ENABLED = false; public static String SERVER_IP = ""; public static String SERVER_PORT = "9443"; public static String SERVER_PROTOCOL = "https://"; public static String API_VERSION = "1.0.0"; public static String SERVER_APP_ENDPOINT = "/EMM/api/"; public static String OAUTH_ENDPOINT = "/oauth2/token"; public static String SENDER_ID_ENDPOINT = "devices/sender_id/"; public static String IS_REGISTERED_ENDPOINT = "devices/isregistered/"; public static String LICENSE_ENDPOINT = "devices/license/"; public static String REGISTER_ENDPOINT = "devices/register/"; public static String UNREGISTER_ENDPOINT = "devices/unregister/"; public static String NOTIFICATION_ENDPOINT = "notifications/pendingOperations/"; public static String SERVER_URL = SERVER_PROTOCOL + SERVER_IP + ":" + SERVER_PORT + SERVER_APP_ENDPOINT; public static final String TRUSTSTORE_PASSWORD = "<BKS_FILE_PASSWORD>"; public static final String EULA_TITLE = "POLICY AGREEMENT";
- Provide the
- Navigate to the
<EMMM_SOURCE_HOME>/modules/mobile-agents/android/client/iDPProxy/src/main/java/org/wso2/emm/agent/proxy/utils/Constants.java
file, and configure theSERVER_PROTOCOL
ashttps://
.