Is a signed SSL certificate required for Worklight development?

Question

I\'m working on a demo in Worklight version 6.0 where I need to use SSL from iOS and Android to the Worklight Server.

Is there any way to use a self-signed or test c

Answer 1

There is a very easy way to use certificates not signed by a known CA for development and test purposes.

Note that this support does not come from Worklight. It is really up to each mobile platform to allow you to establish trust for these type of certificates or not. The recommendations given by David above, are really just workarounds to disable SSL validation, which could be a valid alternative in some cases. However, the android:debuggable flag will only get you so far as it doesn't cover certain scenarios like when directUpdate is enabled. Plus disabling all forms of SSL validation, may not be what you really want even in dev/test environments.

Here is what you can do:

1. First understand that pure self signed certificates won't work on iOS and Android, just because the platforms themselves do not allow you to install these type of certificates into their truststores.
2. Use self signed CA certificates instead. These are just as easy to create. They are the same as self signed certs except that they have the CA bit enabled to TRUE.

3. Beware, that self signed certs generated by some tools do not usually create certificates that are also CAs. Ensure your self signed cert is a CA as well.

   • OpenSSL example on how to create a self signed CA cert:

   openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout privateKey.key -out certificate.crt

4. Ensure the certificate.crt file is X.509 version 3, and has the following extension defined: basicConstraints = CA:TRUE

5. You can check the certificate.crt file by running the following command:

   openssl x509 -in certificate.crt -text -noout

6. Use this certificate as your server certificate.
7. On iOS, e-mail your certificate.crt file or host the file on a web browser where you can manually click on it to install it. (Don't install it directly from the hosting WL server, as this only imports it into the browser space and not the device.)
   • Check that it gets installed by looking under Settings->General->Profiles->Configuration Profiles
   • Ensure iOS recognizes it and marks is as 'trusted'
8. On Android you can install the certificate.crt in the Android CA Store. The certificate.crt can be placed in /sdcard, and can be installed from Settings > Security > Install certificate from SD card. The certificate can also be opened by sending it as an email attachment or downloading via browser as in step 7 above. Android asks for an alias for the certificate, choose any name.
   • Check that it gets installed by looking under Settings -> Security -> Trusted Credentials ->User