39367: mobilEcho: Adding an SSL User Identity Certificate to mobilEcho for HTTPS Reverse Proxy authentication

Last update: 04-04-2016

mobilEcho accepts SSL user identity certificates for authentication with an HTTPS Reverse Proxy server. When using a reverse proxy for access, if you have enabled certificate authentication as your login method, the mobilEcho client app will be automatically challenged for a user identity certificate when it attempts to use the proxy server to access a mobilEcho server. In order for authentication to take place, an SSL user identity certificate must be added to the mobilEcho client app.

Mobile Device Management (MDM) solutions, including the Apple iPhone Configuration Utility, allow you to add certificates to an iOS device. Certificates added in this way are placed in an Apple-specific section of the iOS Keychain and are only available to built-in Apple services and applications, such as VPN and the Mail app. In order for the mobilEcho app to get access to a certificate, it must be added to the device through the mobilEcho app itself.

Presently, the process for adding a certificate to mobilEcho requires that the certificate file be transferred to the device and then opened into mobilEcho. The easiest way to do this is to email the certificate file to the user. If you can access mobilEcho servers without going through a reverse proxy server while on an internal network, another option is to place a user's certificate file in their home directory or another shared mobilEcho volume, so that they can open it directly into mobilEcho from the server.

To prepare a certificate for mobilEcho:

  1. Using your preferred method, generate a user identity certificate that includes a private key. This certificate will require a password when it's created, and the user will need to enter that password when the certificate is installed in the mobilEcho client app. The file should have a .PFX or .P12 extension.
  2. Once the certificate file has been created, remove its extension completely by deleting the ".PFX" or ".P12" from the file name. This is required so that the file can be opened into mobilEcho using the standard iOS "Open In" function.
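
One way to carry out the two preparation steps from a shell with the OpenSSL command-line tool, as an added example that is not part of the original article or any vendor tooling. The user name `alice`, the self-signed certificate and the `P12_PASS` variable are assumptions made for illustration; in practice the certificate is issued by your own CA.

```sh
#!/bin/sh
# Added example, not vendor tooling. The user name, paths and the self-signed
# certificate are constructed; in production the certificate comes from your CA.
# The passphrase is read from $P12_PASS so it never appears in the process list.

# build_p12 USER DIR: create key + certificate and bundle them as DIR/USER.p12
build_p12() {
  ( umask 077    # key material readable by the owner only
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -subj "/CN=$1" \
      -keyout "$2/$1.key" -out "$2/$1.crt" 2>/dev/null &&
    openssl pkcs12 -export -inkey "$2/$1.key" -in "$2/$1.crt" -name "$1" \
      -passout env:P12_PASS -out "$2/$1.p12" &&
    rm -f "$2/$1.key" )   # drop the unencrypted key once it is bundled
}

# check_p12 FILE: succeed only if FILE opens with $P12_PASS and holds both
# a private key and a certificate (step 1 of the article)
check_p12() {
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes 2>/dev/null |
    grep -q 'PRIVATE KEY' || return 1
  openssl pkcs12 -in "$1" -passin env:P12_PASS -nokeys 2>/dev/null |
    grep -q 'BEGIN CERTIFICATE'
}

# strip_ext FILE: rename FILE without its .p12/.pfx extension (step 2) and
# print the new name; any other file is refused
strip_ext() {
  case "$1" in
    *.[Pp]12|*.[Pp][Ff][Xx]) mv -- "$1" "${1%.*}" && printf '%s\n' "${1%.*}" ;;
    *) echo "not a .p12/.pfx file: $1" >&2; return 1 ;;
  esac
}

# Demo with constructed values; a real passphrase would be prompted for.
P12_PASS='constructed-demo-passphrase'; export P12_PASS
work=$(mktemp -d)
build_p12 alice "$work" && check_p12 "$work/alice.p12" &&
  ready=$(strip_ext "$work/alice.p12") && echo "ready to send: $ready"
```

Because the file travels by email, the PKCS#12 password is what protects the private key in transit, so give it to the user through a separate channel.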

To send and install the file using email:

  1. Compose an email to the user and attach the certificate file to the email. Ensure that you've removed the extension from the certificate file, as described above.
  2. When the user receives the email, they simply tap the attached file and choose "Open in mobilEcho" from the pop-up menu.
  3. mobilEcho will start and the user will be prompted to confirm they want to add the certificate to mobilEcho.
  4. The user will then be prompted to enter the private key password.
  5. Once the password is entered, the certificate is added to mobilEcho and the client will be able to perform automatic certificate authentication to HTTPS reverse proxy servers.
  6. The status of the installed certificate can be viewed by opening the Settings menu in the mobilEcho app.