The Android agent must have the CA certificate inside the application when configuring the Secure Sockets Layer (SSL). The CA certificate is stored in a BKS (bouncycastle) file. Follow the steps given below to create and generate a BKS file:
...
OpenSSL version 3.0.0.
Info icon false For more information, see how to download and install OpenSSL.
Set up the required environment variables when running on Windows.
Info icon false For more information, see setting paths on Windows. The bcprov-jdk16-1.46
.jar
file.Info icon false Download the bcprov-jdk16-1.46
.jar
file from the maven repository.Clone the
product-emm
GIT repository. This will be referred to as<EMM_SOURCE_HOME>
.Code Block git clone https://github.com/wso2/product-emm.git
Step 1: Creating a BKS file
...
Generate the BKS file:
Info Ensure that you have the
bcprov-jdk16-1.46.jar
file in the same folder where you will be generating the BKS file before you run this command.Code Block keytool -noprompt -import -v -trustcacerts -alias 'openssl x509 -inform PEM -subject_hash -noout -in ca_cert.pem' -file ca_cert.pem -keystore emm_truststore.bks -storetype BKS -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk16-1.46.jar -storepass 'wso2carbon'
If you are using an SSL certificate by a trusted authority such as GoDaddy, the
cert.crt
defined in the command should be the interim certificate.
Example:Code Block keytool -noprompt -import -v -trustcacerts -alias godaddy -file cert.crt -keystore emm_truststore.bks -storetype BKS -providerclass org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath bcprov-jdk16-1.46.jar -storepass 'wso2carbon'
Optionally, view the list of certificates in the BKS form using the following command:
Code Block keytool -list -v -keystore "emm_truststore.bks" -provider org.bouncycastle.jce.provider.BouncyCastleProvider -providerpath "bcprov-jdk16-1.46.jar" -storetype BKS -storepass "wso2carbon"
- Copy the generated
emm_truststore.bks
file to the Android<EMM_SOURCE_HOME>/modules/mobile-agents/android/client/iDPProxy/src/main/res/raw
folder directory and replace the original file. - Navigate to the
<EMMM_SOURCE_HOME>/modules/mobile-agents/android/client/client/src/main/java/org/wso2/emm/agent/utils/Constants.java
file, which is in the Android folder and configure the following:- Provide the
HTTPS_HOST_IP
as the value for theSERVER_PORT
parameter.
Example:9443
. - Change the
SERVER_PROTOCOL
tohttps://
. - Provide the BKS file password as the value for the
TRUSTSTORE_PASSWORD
parameter.
Code Block title Sample public static boolean DEBUG_MODE_ENABLED = false; public static boolean LOCAL_NOTIFICATIONS_ENABLED = true; public static boolean GCM_ENABLED = false; public static String SERVER_IP = ""; public static String SERVER_PORT = "9443"; public static String SERVER_PROTOCOL = "https://"; public static String API_VERSION = "1.0.0"; public static String SERVER_APP_ENDPOINT = "/EMM/api/"; public static String OAUTH_ENDPOINT = "/oauth2/token"; public static String SENDER_ID_ENDPOINT = "devices/sender_id/"; public static String IS_REGISTERED_ENDPOINT = "devices/isregistered/"; public static String LICENSE_ENDPOINT = "devices/license/"; public static String REGISTER_ENDPOINT = "devices/register/"; public static String UNREGISTER_ENDPOINT = "devices/unregister/"; public static String NOTIFICATION_ENDPOINT = "notifications/pendingOperations/"; public static String SERVER_URL = SERVER_PROTOCOL + SERVER_IP + ":" + SERVER_PORT + SERVER_APP_ENDPOINT; public static final String TRUSTSTORE_PASSWORD = "<BKS_FILE_PASSWORD>"; public static final String EULA_TITLE = "POLICY AGREEMENT";
- Provide the
- Navigate to the
<EMMM_SOURCE_HOME>/modules/mobile-agents/android/client/iDPProxy/src/main/java/org/wso2/emm/agent/proxy/utils/Constants.java
file, and configure theSERVER_PROTOCOL
ashttps://
.