LastPass

The Last password you'll have to remember!

2011-11-13

Client Certificates with Android OS

I have found how to use Client Certificates with Android OS:

This only works on rooted Phones.

1. Install Mozilla Firefox or Mozilla Fennec for Android and run it at least once.

2. Please download the following files from your Android phone to the PC:

- Mozilla Firefox:

/data/data/org.mozilla.firefox/files/mozilla/.default/cert9.db

/data/data/org.mozilla.firefox/files/mozilla/.default/key4.db


- Mozilla Fennec:

/data/data/org.mozilla.fennec/files/mozilla/.default/cert9.db

/data/data/org.mozilla.fennec/files/mozilla/.default/key4.db


3. Move them to an MS Windows directory (Ex.: C:\keys)


4. Download the package NSS_Tools_x86_from_NSS_3.12.7 Tools.zip and extract it into a directory (Ex.: c:\nss-3_12_7)


5. Run the command prompt (CMD.EXE) and change to the directory where you extracted NSS_Tools_x86_from_NSS_3.12.7 Tools.zip (Ex.: "cd c:\nss-3_12_7")


6. Execute the command:

 pk12util.exe -i <PKCS12 file> -d sql:<directory containing cert9.db and key4.db>

 Ex.:

 c:\nss-3_12_7>pk12util.exe -i c:\epay.p12 -d sql:C:\keys
 Enter password for PKCS12 file:
 pk12util.exe: PKCS12 IMPORT SUCCESSFUL

 If you have more client certificates, run the same command again for each of them.


7. Move the "cert9.db" and "key4.db" files back to your Android phone. If necessary fix the ownership and access rights.


8. Restart Mozilla Firefox or Mozilla Fennec for Android.


9. If you access a web site that needs client certificate authentication, the browser will ask you to choose one of the imported client certificates and will use it.
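Step 6 repeated for several certificates, followed by a check that each import actually landed in the database before the files go back to the phone. This is an added example, not part of the original post: the C:\p12 folder is a hypothetical location, and it assumes the extracted NSS tools directory also contains NSS's certutil.exe.

```batch
@echo off
rem Added example: import every .p12 in one folder into the copied
rem cert9.db/key4.db, then verify the result.
setlocal

rem Directory from step 4 and database directory from step 3.
set "NSS=c:\nss-3_12_7"
set "DB=sql:C:\keys"
rem Hypothetical folder holding the PKCS#12 files to import.
set "P12DIR=C:\p12"

for %%F in ("%P12DIR%\*.p12") do (
    echo Importing %%F
    rem pk12util prompts for each file's password, so the password
    rem never appears on the command line or in this script.
    "%NSS%\pk12util.exe" -i "%%F" -d %DB%
    if errorlevel 1 (
        echo Import failed for %%F
        exit /b 1
    )
)

rem Call NSS certutil by full path: Windows ships an unrelated
rem certutil.exe that would otherwise be found first on PATH.

rem List certificates. A client certificate whose private key was
rem imported shows "u" in its trust attributes.
"%NSS%\certutil.exe" -L -d %DB%

rem List the private keys now stored in key4.db.
"%NSS%\certutil.exe" -K -d %DB%

endlocal
```

After this, C:\keys\key4.db holds the private keys for every imported certificate, so delete the PC-side copies of the databases and the .p12 files once step 7 is done.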


Final words: Now even on the Android platform it is possible to use client certificates for SSL authentication and signing. If there were an add-on or a setting to manage them, it would be much easier. I hope that the Fennec developer team will fix this issue in the near future. It is also possible to use a PKCS#11 library for accessing secure signature devices plugged into the microSD slot, and this will make it possible to use Qualified digital certificates with Android OS.

1 comment:

Peter said...

It does work for non-rooted phones. You have to connect the device to your PC via the USB cable and mount the SD card in order to see them. I searched using several Android file managers (OI File Manager, ES File Explorer, etc.) but couldn't find them until I browsed the card in Windows. It's possible that there's some sort of attribute that hides part of this path from on-device file managers (such as a hidden flag or UNIX permission that prevents reading).
I should also point out that the paths I saw were not exactly what was reported. I'm seeing:
\Android\data\org.mozilla.firefox\files\mozilla\.default
Note the first "Android" rather than two "data" directories.
Full disclosure: I'm using a stock Motorola Droid running Android 2.2.2. Latest Firefox Mobile (4.0 RC) with the "move to SD card" flag in the OS active. I use a private CA for authenticating with the admin portions of my sites and issue client certs for each device/machine I use to connect. I was able to get Firefox Mobile to successfully connect to a site that required client certs after following this procedure.
I'm glad to see at least one Android browser is supporting client certs. I've tried lots of other solutions, and so far Firefox is the only one that works. It definitely needs a built-in UI; while this procedure isn't necessarily all that hard, it's not something most users or businesses are going to go through, especially if they have a lot of devices to configure.