Edit certificate

If you want to use a secure HTTPS protocol to establish connection between a Milestone Mobile server and the mobile devices or XProtect Web Clients, you must apply a valid certificate on the server. The certificate confirms that the certificate holder is authorized to establish secure connections.

• If you run a Single Computer installation, Milestone Mobile server installs quietly and the system does not create a certificate. You can create one as explained further down.
• If you run a Typical installation, the system generates a self-signed certificate when you install the Milestone Mobile server. You can change to a certificate issued by another trusted site, see further down.
• If you run a Custom installation, you can choose between generating a self-signed certificate or loading a file that contains a certificate issued by another trusted site.

CA certificates

Certificates issues by CA (Certificate Authority) have a chain of certificates and on the root of that chain is the CA root certificate. When a device or browser see this certificate, it compares its root certificate with pre-installed ones on the OS (Android, iOS, Windows, etc.). If the root certificate is listed in the pre-installed certificates list, then the OS ensures the user that the connection to the server is secure enough. These certificates are issued for a domain name and are not free of charge.

Self-signed certificates

Anyone can create self-signed certificates. They do not have a root certificate from CA and OSes consider them less secure. They provide security for simple attacks, but there are some situations where they do not guarantee the security of the connection. The easiness of self-signed certificates is that the Milestone Mobile server can create them and they are free of charge.

Note: If you want to use secure connections (HTTPS), devices running iOS 9.0 or later, or Windows Phone, can connect only if you have a certificate from a certificate authority (CA) installed on your Milestone Mobile server. CAs issue digital certificates that verify the identities of users and websites that exchange data on the Internet. Examples of CAs are companies like Comodo, Symantec, and GoDaddy. Before you turn on secure connections, make sure that you are familiar with digital certificates.

If you want to create or change a certificate, do the following.

1. On a computer with Management Client installed, right-click the Mobile Server Manager icon in the system tray and select Edit certificate.
2. Choose one of the following:
   • Generate a self-signed certificate.
   • Load a CA certificate file.

Generate a self-signed certificate

1. Select the Generate a self-signed certificate option and click OK.
2. Wait for a few seconds while the system installs the certificate.
3. When finished, a window opens and informs you that the certificate was installed successfully.

   The Mobile Server service restarts to apply the change.

Locate a CA certificate file

1. Select the Load a certificate file option.
2. Fill in the path for the certificate file or click the ... box to open a window where you can browse for the file.
3. Fill in the password connected to the certificate file.
4. When finished, click OK.

   The user of the Mobile Client will be prompted to accept once again the certificate, if it is not issues by CA.

© 2018 Milestone Systems A/S