When configuring Secure Sockets Layer (SSL), the Android agent must have the CA certificate bundled inside the application. The CA certificate is stored in a BKS (Bouncy Castle keystore) file. Follow the steps given below to generate a BKS file:

...

  • OpenSSL version 3.0.0.

    For more information, see how to download and install OpenSSL.

  • Set up the required environment variables when running on Windows.

    For more information, see setting paths on Windows.
  • The bcprov-jdk16-1.46.jar file.

    Download the bcprov-jdk16-1.46.jar file from the maven repository.

  • Clone the product-emm Git repository. This will be referred to as <EMM_SOURCE_HOME>.

    git clone https://github.com/wso2/product-emm.git

Step 1: Creating a BKS file

...

  1. Generate the BKS file:

    Ensure that you have the bcprov-jdk16-1.46.jar file in the same folder where you will be generating the BKS file before you run this command.

    keytool -noprompt -import -v -trustcacerts -alias "$(openssl x509 -inform PEM -subject_hash -noout -in ca_cert.pem)" -file ca_cert.pem -keystore emm_truststore.bks -storetype BKS -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk16-1.46.jar -storepass 'wso2carbon'

    If you are using an SSL certificate issued by a trusted authority such as GoDaddy, the cert.crt file specified in the command should be the interim certificate.
    Example:

    keytool -noprompt -import -v -trustcacerts -alias godaddy -file cert.crt -keystore emm_truststore.bks -storetype BKS -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk16-1.46.jar -storepass 'wso2carbon'
  2. Optionally, view the list of certificates in the BKS file using the following command:

    keytool -list -v -keystore "emm_truststore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "bcprov-jdk16-1.46.jar" -storetype BKS -storepass "wso2carbon"
  3. Copy the generated emm_truststore.bks file to the <EMM_SOURCE_HOME>/modules/mobile-agents/android/client/iDPProxy/src/main/res/raw directory of the Android agent and replace the original file.
  4. Navigate to the <EMM_SOURCE_HOME>/modules/mobile-agents/android/client/client/src/main/java/org/wso2/emm/agent/utils/Constants.java file, which is in the Android folder, and configure the following:
    • Provide the HTTPS_HOST_IP as the value for the SERVER_PORT parameter.
      Example: 9443.
    • Change the SERVER_PROTOCOL to https://.
    • Provide the BKS file password as the value for the TRUSTSTORE_PASSWORD parameter.
    Sample:
    	public static boolean DEBUG_MODE_ENABLED = false;
    	public static boolean LOCAL_NOTIFICATIONS_ENABLED = true;
    	public static boolean GCM_ENABLED = false;
    
    	public static String SERVER_IP = "";
    
    	public static String SERVER_PORT = "9443";
    	public static String SERVER_PROTOCOL = "https://";
    	public static String API_VERSION = "1.0.0";
    	
    	public static String SERVER_APP_ENDPOINT = "/EMM/api/";
    
    	public static String OAUTH_ENDPOINT = "/oauth2/token";
    	public static String SENDER_ID_ENDPOINT = "devices/sender_id/";
    	public static String IS_REGISTERED_ENDPOINT = "devices/isregistered/";
    	public static String LICENSE_ENDPOINT = "devices/license/";
    	public static String REGISTER_ENDPOINT = "devices/register/";
    	public static String UNREGISTER_ENDPOINT = "devices/unregister/";
    	public static String NOTIFICATION_ENDPOINT = "notifications/pendingOperations/";
    	
    	public static String SERVER_URL = SERVER_PROTOCOL + SERVER_IP + ":"
    			+ SERVER_PORT + SERVER_APP_ENDPOINT;
    
    	public static final String TRUSTSTORE_PASSWORD = "<BKS_FILE_PASSWORD>";
    	public static final String EULA_TITLE = "POLICY AGREEMENT";
  5. Navigate to the <EMM_SOURCE_HOME>/modules/mobile-agents/android/client/iDPProxy/src/main/java/org/wso2/emm/agent/proxy/utils/Constants.java file, and configure the SERVER_PROTOCOL as https://.
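
Before running the import command in step 1, it helps to confirm that the file you are about to embed in the agent is a valid, unexpired CA certificate and to record its fingerprint for comparison with the `keytool -list -v` output in step 2. The script below is an added example, not part of the original page or the product-emm code; the function names and the `min_days` threshold are hypothetical, and it assumes the `openssl` CLI is on the PATH.

```shell
#!/bin/sh
# Added example: pre-import checks for the CA certificate that goes into emm_truststore.bks.

# Alias used by the import command: the OpenSSL subject hash of the certificate.
cert_alias() {
    openssl x509 -inform PEM -subject_hash -noout -in "$1"
}

# SHA-256 fingerprint, for comparison with the `keytool -list -v` output.
cert_fingerprint() {
    openssl x509 -inform PEM -fingerprint -sha256 -noout -in "$1" | cut -d= -f2
}

# Return 0 only if the file is a parseable PEM certificate, is marked as a CA,
# and stays valid for at least min_days (hypothetical parameter, default 30).
# Exit codes: 1 = not a certificate, 2 = not a CA, 3 = expires too soon.
check_ca_cert() {
    pem=$1
    min_days=${2:-30}
    if ! openssl x509 -inform PEM -noout -in "$pem" 2>/dev/null; then
        echo "FAIL: $pem is not a PEM-encoded X.509 certificate" >&2; return 1
    fi
    if ! openssl x509 -inform PEM -noout -text -in "$pem" | grep -q 'CA:TRUE'; then
        echo "FAIL: $pem is not a CA certificate (no basicConstraints CA:TRUE)" >&2; return 2
    fi
    if ! openssl x509 -inform PEM -noout -checkend $((min_days * 86400)) -in "$pem" >/dev/null; then
        echo "FAIL: $pem expires within $min_days days" >&2; return 3
    fi
    echo "OK alias=$(cert_alias "$pem") sha256=$(cert_fingerprint "$pem")"
}

# Stand-alone use: sh check_ca_cert.sh ca_cert.pem [min_days]
if [ "$#" -ge 1 ]; then
    check_ca_cert "$@"
fi
```

A certificate that fails the CA check would be imported by keytool without complaint, so the agent would only reveal the problem later as a failed TLS handshake.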