Installing Logos SSL Certificates on Mobile Devices Phase 1: Obtain the SSL Certificate You can obtain the SSL certificate in one of 2 ways. Method 1 Download the SSL certificate from it.logostech.net under the Security Certificates category and email it to yourself so you can open and install it on your mobile device. Method 2 Click on the SSL Certificate directly from it.logostech.net and install it on your mobile device. Apple iphone/ipad Pg. 2 Google Android Pg. 5 Windows Phone Pg. 7 Blackberry Pg. 11 1
Phase 2: Installing the SSL Certificate Apple iphone and ipad 1. Obtain a copy of the CA Certificates (Root CA and Intermediate CA if used) and email them to your device, such as in the following image: You ll notice the attachment in the image above shows a certificate type icon. 2. You now need to tap on the attachment. You will be presented with the following screen: At this point before continuing to the next step you should click on More Details. You should verify that it is indeed the certificate that you were expecting, it s form your corporate CA, and that it is valid and should be trusted. Once you are satisfied this is indeed a legitimate certificate that you should trust you continue. 2
3. Tap Install. You will see the following warning image displayed on the screen: Because your corporate CA is not a trusted public CA it is not automatically in the trusted list for your devices. This is the reason this warning is being displayed. Provided you are happy with the checks you ve done in the previous step, after reading this warning you can continue to the next step. 4. Tap Install. You will see the following image displayed on screen: At this point you need to enter your passcode so that the certificate can be loaded into your devices trust store and be trusted. Once you have entered your passcode successfully you will automatically be at the next step. 3
5. You have successfully loaded your corporate CA certificate into your devices trust store. You will see the following image displayed on the screen: 4
Google Android Important: You must set a lock screen PIN or password before installing a digital certificate. 1. Save the certificate file in the root folder on your Android 2. Go to Settings, and then tap Security. 3. Tap Install from phone or device storage. 5
4. If you have more than one certificate in the root folder, select the certificate you want to install. 5. Enter a name for the certificate and tap OK. 6
Windows Phone 1. To configure your Exchange email account, access the Settings menu and select email & accounts: 2. Select the option to Add an account: 3. Select the option to add an Outlook account: 7
4. Enter in your email address and password (your Active Directory password, the same password you would use to log into your office PC or laptop) and click Sign In. 5. The device will then attempt to determine the correct settings automatically, which it probably won't be able to: 8
6. Enter in your username if incorrect (this is by assumed by the device to be the content of your email address before the "@" sign, but if your username is "firstname and first letter of surname" and your email is not, then it will need to be edited) 7. Enter in your Domain. If you don't know this information, this will be the contents of the "Log Into" field on your office PC when you log in, underneath the username and password fields. Click Sign In. 8. The device will then try to log in again, which it may not be able to: 9. Select Advanced: Enter in the Server Address. If you don't know this information, contact your IT department, but if you access your email via a web browser, it will be the same address used to access this, normally in the form "mail.mycompany.com". Click Sign In: 9
10. The device will now connect to the Exchange Server and begin to synchronise. By default all mailbox folders will be synced (Email, Contacts and Calendar). To edit these preferences, tap the entry for the email account: 11. Enter in a name for the email account, select which content you wish to sync and how often. Your account is now configured. NOTE #1 at the time of writing the Exchange ActiveSync client on Windows Phone 7 will not connect to an Exchange server that uses a self signed SSL certificate, the corresponding root certificate from the certificate authority which issued the certificate to the Exchange server must be installed onto the device manually. NOTE #2 At the time of writing the only means I have found of accomplishing this is to set up an alternate email account on the device, such as a Hotmail or Google email account, and email the certificate file to the account. Once downloaded to the device as an attachment it can be installed. Once installed, the Exchange email account can then be configured as usual. Update certificates can also be installed onto devices by placing them on a web server in "p7b" format, then pointing the device browser to the file. 10
Blackberry Use this information to install the custom certificates for mobile devices application on a mobile device that is running the BlackBerry operating system. There are two ways to get a CA certificate onto a Blackberry device. They can be installed using Blackberry Desktop Software or by importing it directly to the device. Installing a certificate with the BlackBerry Desktop Software To import the certificate using the Blackberry Desktop Software, complete the following steps: 1. Download the certificate onto a device management system. 2. Import the certificate onto the management system through the web browser. 3. Connect to the device using Blackberry Desktop Software. 4. Select Tools > Desktop Options. 5. When you are prompted, select the General tab. 6. Select the Use certificate synchronization box; then, click OK. 7. In the left pane, select Certificates. 8. Select the store where the CA certificate was imported. 9. Select the certificate; then, select Sync Certificates. To verify the certificate was installed, go to Home > Options > Security > Advanced Security > Certificates. After you verify that the certificates were installed on your mobile device, the mobile application should be able to connect to any Logos website that has a server certificate signed by the CA certificate installed. Installing a certificate directly on a BlackBerry device To install the certificate directly, complete the following steps: 1. Download the CA certificate to the device. 2. Open the file. 3. When you are prompted, click Import. 4. Create a password for the keystore; then, click OK. After you set the password, the BlackBerry device shows the certificate details and a green checkmark, which indicates that it was installed. To verify the certificate was installed, go to Home > Options > Security > Advanced Security > Certificates. After you verify that the certificates were installed on your mobile device, the mobile application should be able to connect to any Logos website that has a server certificate signed by the CA certificate installed. 11