Distributing Client Certificates to iOS Mobile Devices
This topic contains the procedures required to distribute client certificates to Archibus Mobile Client users for use in the Remote User SSO Configuration.
Notes: The Archibus Mobile Client supports client certificate authentication on iOS devices. We support Archibus Mobile Client 3.0 and do not support Archibus Mobile Client 4.0. There is currently no support for client certificate authentication on the Android operating system.
The iOS operating system stores certificate information in the device Keychain. Applications in iOS do not have access to the system Keychain. Applications can only access Keychain data that is written by the app. This limitation requires that the app is responsible for reading and writing the client certificate data to the Keychain.
The following procedures describe how client certificate distribution and installation are performed for the Archibus Mobile Client.
Obtain and Export the Client Certificates
- Obtain a trusted Client Certificate from a CA or a reputable reseller. Self-signed certificates will not be trusted by the mobile device and will not work in this configuration.
- Export the certificate to PKCS #12 format. There are various ways to accomplish this. If the certificate is installed on a Windows machine, you can use the following steps to export the certificate.
- Click Internet Options in IE, click the Content tab, and click the Certificates button.
- Click on the certificate that you want to export. Click the Export button.
- Click “Yes, export the private key.”
- Select “Personal Information Exchange – PKCS #12”. Be sure to check “Include all certificates in the certification path if possible.”
- Click Next. Create a password for the exported certificate file. This password will be required when the user installs the certificate on their device.
- Click Next. Enter the path and file name of the location to save the file.
Distribute the Certificates to the User
- The certificate will be distributed to the user via email. Change the file extension of the file saved in step 8 from pfx to abcert. The file test.pfx should now be named test.abcert. The abcert extension is mapped to the Mobile Client app and will allow the user to install the certificate onto the device by saving the attached file.
- Send an email to the user with the test.abcert file attached. Provide the certificate password to the user via a separate email or alternate method.
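A command-line alternative to the export and rename steps above, with a check to run on the .abcert file before it is emailed. This is an added example, not Archibus code: it assumes the openssl tool is installed, and the function names, file names and demo CA are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Archibus code. Needs the openssl command-line tool.

# make_abcert CERT KEY CHAIN OUTBASE PASSFILE: export to PKCS #12, then rename to .abcert
make_abcert() {
    openssl pkcs12 -export -in "$1" -inkey "$2" -certfile "$3" \
        -out "$4.pfx" -passout "file:$5" || return 1
    mv "$4.pfx" "$4.abcert"   # the extension mapped to the Mobile Client app
}

# check_abcert FILE PASSFILE: returns 0 only if the bundle is fit to email
check_abcert() {
    case $1 in *.abcert) ;; *) echo "FAIL: extension is not .abcert"; return 1 ;; esac
    # Extract the client certificate; fails on a wrong password or a non-PKCS #12 file.
    leaf=$(openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -clcerts 2>/dev/null) ||
        { echo "FAIL: cannot open bundle with this password"; return 1; }
    case $leaf in *"BEGIN CERTIFICATE"*) ;; *) echo "FAIL: no client certificate"; return 1 ;; esac
    # The private key must have been exported; it is piped to grep, never written to disk.
    openssl pkcs12 -in "$1" -passin "file:$2" -nocerts -nodes 2>/dev/null |
        grep -q 'PRIVATE KEY' || { echo "FAIL: no private key in bundle"; return 1; }
    # Self-signed (subject equals issuer) will not be trusted by the device.
    subj=$(printf '%s\n' "$leaf" | openssl x509 -noout -subject | sed 's/^subject= *//')
    iss=$(printf '%s\n' "$leaf" | openssl x509 -noout -issuer | sed 's/^issuer= *//')
    [ "$subj" != "$iss" ] || { echo "FAIL: certificate is self-signed"; return 1; }
    # Certification path: warn when no CA certificates were included.
    n=$(openssl pkcs12 -in "$1" -passin "file:$2" -nokeys -cacerts 2>/dev/null |
        grep -c 'BEGIN CERTIFICATE' || true)
    [ "$n" -gt 0 ] || echo "WARN: no CA certificates in bundle"
    echo "OK: $1 ($n CA certificate(s) included)"
}

# Constructed demo input: a throwaway CA and client certificate in a temp directory.
demo() (
    d=$(mktemp -d) && cd "$d" || exit 1
    printf 'constructed-demo-password\n' > pass.txt
    openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
        -subj "/CN=Constructed Demo CA" -days 1 2>/dev/null || exit 1
    openssl req -newkey rsa:2048 -nodes -keyout test.key -out test.csr \
        -subj "/CN=Constructed Demo User" 2>/dev/null || exit 1
    openssl x509 -req -in test.csr -CA ca.pem -CAkey ca.key -CAcreateserial \
        -out test.pem -days 1 2>/dev/null || exit 1
    make_abcert test.pem test.key ca.pem test pass.txt && check_abcert test.abcert pass.txt
)
demo
```

The password is read from a file so that it does not appear in the process list or shell history; remove that file once the bundle has been checked.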
Install the Certificate on the Device
- Open the email from the Administrator using the Mail app.
- Tap on the attached file to start the installation.
- Select “Open in Mobile Client.”
- The Mobile Client app will start and the certificate installation form will be displayed. Enter the certificate password provided by the Administrator. When complete, tap Done. The certificate is now installed in the Mobile Client Keychain.