Preparing Certificates for the Mobile App

Scenario: You are configuring Desigo CC to work with the mobile app. The mobile app requires a secure (https://) connection to the website and web application, hosted on the IIS web server. Do this procedure to set up the necessary certificate. You can use:

  • A public CA host certificate (purchased from a commercial certification authority): this is publicly trusted and so does not require installing anything on the mobile device.
  • A private CA host certificate (created with the SMC): this will require installing the corresponding root certificate on the mobile device.

NOTE: Self-signed certificates cannot be used. Certificates created using the Simple Authority tool will not work.

Information

Do these steps on the computer that is running the IIS web server:

- In the case of a local IIS deployment, this will be the Desigo CC server computer.

- In the case of a remote IIS deployment, this will be the separate computer where the IIS web server was installed.

 

Reference: For background information, see the engineering reference section. For the main configuration workflow see Integrating the Mobile App.

 

Workflow diagram:

 

Prerequisites:

  • You installed the Desigo CC software and started up a project, in a configuration that includes an IIS web server. For background information see Mobile App Deployment Architectures.

 

Steps:

Method 1. Public (Commercial) CA Host Certificate

1 – Import the Commercial Host Certificate into the IIS Web Server

To use a public CA host certificate, purchased from a commercial certification authority such as Comodo (recommended):

  • Import the purchased certificate file into the Personal store of the computer running the IIS web server. The Subject Name/Certificate Issued To field must match the computer name of the IIS web server computer.
  • Because this type of certificate is publicly trusted, it will be automatically recognized as valid by the mobile app without having to install any certificates on the mobile device.
Information

Select this public CA host certificate when you create the parent website for the mobile app web application.

 

 

Method 2. Private (SMC-Created) Host Certificate

1 – On the IIS Web Server Computer, Create a Root Certificate, Import it into the TRCA Store, and Set it as Default
  1. On the IIS web server computer, start SMC.
  1. In the SMC tree, select the Certificate node.
  • The Certificates tab displays. This shows the currently configured default certificates for this Desigo CC installation.
  1. In the Certificates toolbar, click Create Certificate and select Create Root Certificate (.pfx).
  • GMS Root Certificate automatically displays in the Subject Name field.
  1. Change the subject name to a descriptive name, for example RootCertificate_MobileApp.
  1. Enter the root certificate (.pfx) and (.cer) file names, password, and path on disk into the remaining fields.
  1. Click Save .
  • The root certificate files are created and saved at the specified path.
    NOTE: Keep a copy of these root certificate files and write down the password for use in the next steps.
  1. In the Certificates toolbar, click Import , select the Root certificate certificate type.
  1. Browse to the (.cer) root certificate file created above, and select Set as default.
  1. Click Save .
  • The root certificate is imported into the TRCA store of the IIS web server computer, and set as the default. You will later need to import this same root certificate into the mobile device as well.

 

2 – On the IIS Web Server Computer, Create a Host Certificate for the IIS Web Server, Import it into the Personal Store, and Set it as Default
  1. In the Certificates toolbar, click Create Certificate and select Create Host Certificate (.pfx).
  1. In the Root certificate field, browse to the (.pfx) root certificate file created above and enter its password.
  • The full computer name of the IIS web server is automatically entered in the Subject Name field.
  1. Enter the (.pfx) and (.cer) host certificate file names, password, and path on disk.
  1. Click Save .
  • The server host certificate files are created and saved at the specified path.
  1. In the Certificates toolbar, click Import select the Host certificate certificate type.
  1. Browse for the (.pfx) host certificate file created above and enter its password.
  1. Select Set as default and Key is exportable.
  1. Click Save .
  • The host certificate is imported into the Personal store of the IIS web server computer.
Information

Select this host certificate when you create the parent website for the mobile app web application.

 

3 – Install the Same Root Certificate on the Mobile Devices

The root certificate created in Step 1 must be installed on all the mobile devices where you plan to use the mobile app. For instructions see 2 – Install Certificate on the Mobile Device. If you do not do this now, you must do it when you install the app on the mobile device.