Edit certificate

If you want to use a secure HTTPS protocol to establish connection between a XProtect Mobile server and the XProtect Mobile client or XProtect Web Client, you must apply a valid certificate on the server. The certificate confirms that the certificate holder is authorized to establish secure connections.

• If you run a Single Computer installation, XProtect Mobile server installs quietly and the system generates a self-signed certificate. You can change to a certificate issued by another trusted site, see further down.
• If you run a Typical installation, the system generates a self-signed certificate when you install the XProtect Mobile server. You can change to a certificate issued by another trusted site, see further down.
• If you run a Custom installation, you can choose between generating a self-signed certificate or loading a file that contains a certificate issued by another trusted site.

CA certificates

Certificates issues by CA (Certificate Authority) have a chain of certificates and on the root of that chain is the CA root certificate. When a device or browser sees this certificate, it compares its root certificate with pre-installed ones on the OS (Android, iOS, Windows, etc.). If the root certificate is listed in the pre-installed certificates list, then the OS ensures the user that the connection to the server is secure enough. These certificates are issued for a domain name and are not free of charge.

Self-signed certificates

Anyone can create self-signed certificates. They do not have a root certificate from CA and OSes consider them less secure. Self-signed certificates provide security for simple attacks, but there are some situations where they do not guarantee the security of the connection. The easiness of self-signed certificates is that the XProtect Mobile server can create them, and they are free of charge.

Note: If you want to use secure connections (HTTPS), devices running iOS 9.0 or later, or Windows Phone, can connect only if you have a certificate from a certificate authority (CA) installed on your XProtect Mobile server. CAs issue digital certificates that verify the identities of users and websites that exchange data on the internet. Examples of CAs are companies like Comodo, Symantec, and GoDaddy. Before you turn secure connections on, make sure that you are familiar with digital certificates.

To create or change a certificate:

1. On a computer with Management Application installed, right-click the Mobile Server Manager icon in the system tray and select Edit certificate.
2. Choose one of the following:
   • Generate a self-signed certificate
   • Load a CA certificate file

Generate a self-signed certificate

1. Select the Generate a self-signed certificate option and click OK.
2. Wait for a few seconds while the system installs the certificate.
3. When finished, a window opens and informs you that the certificate was installed successfully.

   The Mobile Server service restarts to apply the change.

Locate a CA certificate file

1. Select the Load a certificate file option.
2. Fill in the path for the certificate file or click the ... box to open a window where you can browse for the file.
3. Fill in the password connected to the certificate file.
4. When finished, click OK.

   The user of the Mobile Client will be prompted to accept once again the certificate if it is not issued by CA.

© 2019 Milestone Systems A/S