Verify the full certificate chain for j5 Mobile - j5 - 28.0 - Installation & Upgrade - Hexagon PPM

j5 Installation and Upgrade

Language
English (United States)
Product
j5
Search by Category
Installation & Upgrade
j5 Version
2019

A properly constructed certificate includes links to the certificate which signs it, and the certificate which signs that, back to the root certificate. Both a browser and j5 (from Update 16) can resolve the chain dynamically, and so usually only needs the end certificate. The certificate used for the j5 Server must include the full certificate chain.

The j5 setup will automatically verify your certificate chain. If you want to manually verify that you have configured a full certificate chain, open the j5 Server Certificate in a text viewer (such as Notepad). If you have imported the certificate using the KeyManager, the certificate will be located at C:\ProgramData\j5\security\ssl\server.crt. Each certificate in the chain starts with a line which looks like this:

-----BEGIN CERTIFICATE-----

If there is only one such line, you need to include the intermediate and root certificates in this file for it to work for j5 Mobile.

If you followed the instructions above, and imported the .p7b file, you should have a full certificate chain. If you imported a .pfx or .p12 file, you may have a version of j5 Framework prior to 28.0.48231, which did not import the full certificate chain. j5 Setup will verify this information. If it has been set up incorrectly, a j5 error message will appear requesting the required information for a successful setup.

In the case of a certificate signed by an external Certificate Authority, sometimes they will not include the full certificate chain. When a Certificate Authority hasn't included the full certificate chain, j5 will construct the full chain.

If you have any issues with the j5 Setup, please contact j5 Support with the full certificate chain. The full certificate chain will be in the form of a .p7b, .pfx or .p12 file, or a collection of files representing each certificate from the signing root certificate down to the j5 certificate.

Self-signed certificate chains and j5 Mobile

If your certificate chain is self-signed, which means that the root signing certificate was generated internally and not signed by a Certificate Authority, you need to import the root certificate into any mobile device to use j5 Mobile. Your root certificate needs to be in the .cer format.

If the certificate was generated using the j5 KeyManager, the KeyManager displays the root signing certificate's location once it has been generated. If you need help to retrieve the root signing certificate, please contact j5 Support.

For iOS devices (iPhones and iPads):

  1. Transfer the .cer file to the device.

  2. Select the .cer file, and tap Install.

  3. Navigate to SettingsGeneralAboutCertificate Trust Settings.

  4. Under the Enable full trust for root certificates heading, find the installed certificate and mark it as trusted.

For Android and Windows devices, transfer the certificate to the device, select it and tap Install. No further steps are required.