Databases
StackOverflow2013
Postsdbo
POInstalling/Accessing Certs for VPN/WIFI programmatically on Android
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POInstalling/Accessing Certs for VPN/WIFI programmatically on Android
    primarykey
    data
    text
    <p>Here's the situation: </p> <p>I'm working on an application which allows automated management of network connections. Users are able to configure WiFi/VPN profiles through the application and the application will manage their connectivity to these profiles. </p> <p>This was all fairly straight forward (well, the VPN side required some reflection hackery) except when I got to the point of managing these connections to networks which required certificate authentication. The trouble is that these networks by and large use self-signed certificates, and as far from what I've been running up against in android it seems to me that these certificates need to be accessible from the root cert store. I tried to create a private app keystore and install the certificates there, but as far as I can tell the WiFi and VPN segments of android can't get access to this. </p> <p>Is there a way to install a chosen certificate in the application keystore, create profiles based upon this keystore, then send the completed profile to the android wifi/vpn manager to allow the preconfigured connection? </p> <p>This seems like it should be possible, but I just haven't yet managed to be clever enough to get it to work.</p> <p><strong>Update:</strong></p> <p>When I try to create the wifi and vpn configurations I've attempted to reference installed certificates in the local application keystore. It's unable to find them once the configs are pushed to the OS, it seems. To my understanding once a certificate is installed it becomes part of a general keystore, either at the app or the os level.</p> <p>I have to keep access to the certificates internal, so I can't push them to the SD card. Even if I were to push them to the SD card I wouldn't be able to require the user to manually install the certificate, I need this to be handled in the background to simplify the configuration. I've been digging through the source and haven't found any obvious solution to this, but I was just hoping someone had stumbled across this before and I was just missing it. </p> <p>Thanks in advance for the help!</p> <p><strong>Update 2</strong></p> <p>For those of you still interested in how to do this, here are the packages/classes which you will need to take a look at. </p> <p>com.android.certinstaller.* android.security.Credentials</p> <p>With a little bit of digging you can find the appropriate ways to construct intents to install the certs you need. </p> <p>Also, as a side note, If the credential storage password has not been set on the device the initial intent you fire to install a certificate will instead only prompt the user to provide a credential storage password. The certificate will not be installed. There may be a way to work around this but I have yet to find it.</p>
    singulars
    1. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. PTQuestion
    1. USKeener
    1. USKeener
    plurals
    1. This table or related slice is empty.
    1. PL
      singulars
      1. LTLinked
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    1. VO
      singulars
      1. POInstalling/Accessing Certs for VPN/WIFI programmatically on Android
      1. This table or related slice is empty.
      1. VTUpMod
    2. VO
      singulars
      1. POInstalling/Accessing Certs for VPN/WIFI programmatically on Android
      1. This table or related slice is empty.
      1. VTUpMod
    3. VO
      singulars
      1. POInstalling/Accessing Certs for VPN/WIFI programmatically on Android
      1. USMike Ellery
      1. VTFavorite
    1. COregarding the keystore, I don't think apps have access to the root keystore that the VPN accesses for its certs. I think the best you can do is lead the user to the settings screen where they can import the cert. As for automating the VPN settings and connection, I assume you are using the internal VpnManager class. Have you tested your code on Android 3.x? I have had success with 2.3 but the same code fails completely on tablets (3.x) - just FYI.
      singulars
      1. POInstalling/Accessing Certs for VPN/WIFI programmatically on Android
      1. USMike Ellery
    2. CO@Mike You're correct in that apps don't have access to the root keystore. I was trying to find a way around this with the VPN as I pretty much had to roll my own VPN manager in my application that mirrors the functionality of the internal one. I essentially build the VPN configurations and toss them as a parcel to the Android VPN service. In this parcel the certificate is only referred to by alias, so this has been a bit of trouble. Also, for Android 3.X I've noticed that none of my VPN code works. It just fails when trying to connect, and I haven't yet found a work around.
      singulars
      1. POInstalling/Accessing Certs for VPN/WIFI programmatically on Android
      1. USKeener
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload