MicroStrategy ONE

Add Trusted Server Support for Android

Trusted server is a mechanism that allows your app to connect only to servers that you trust. These servers are listed in the SDK pins folder and are verified through certificate pinning, by comparing certificates.

When a MicroStrategy Library application attempts to connect to a server, it first performs the standard HTTPS certificate verification. If HTTPS verification succeeds, MicroStrategy Library then checks whether it should verify that the server is a trusted server. It does this by looking in the pins folder for certificates stored under that server's name. If it finds a certificate, it compares the hash of the public key in that certificate with the hash of the public key in the certificate presented by the server. If the hashes match, the connection is allowed. If the server name is not listed in the pins folder, the connection between the Library app and the server is not allowed.

Enable Trusted Server

  1. Navigate to app > res > values.
  2. Create a bool.xml file if it does not exist.

    <bool name="allowNonCertificatePinningServers">false</bool>

  3. Remove the pin under network.security_config.xml, because certificate pinning for a trusted server is stricter than configuration pinning.

Generate a .pem Certificate for the Server

  1. Use the following command:

    openssl s_client -connect fully-qualified_server_name:port# -showcerts > certificate_file_name.pem < /dev/null

  2. Open the generated .pem file. Delete all content outside the certificate section. Retain the certificate section that starts with -----BEGIN CERTIFICATE----- and ends with -----END CERTIFICATE-----.
  3. Save the modified .pem file.
  4. Determine the common name of the certificate that was issued. This should be the fully qualified name of the mobile server. For example, myMobileServer1.myDivision.myCompany.com.

Add the Server Name and .pem File to the SDK

  1. Navigate to app > src > main > assets > pins.
  2. Under the pins folder, add a separate folder for each server that you want the application to trust. This case-sensitive folder name should be the fully-qualified name of the server. For example, myMobileServer1.myDivision.myCompany.com. This should be the same as the common name for the certificate that will be placed in the folder.
  3. In each server folder, add the .cer or .pem certificate that should be trusted when MicroStrategy Library tries to connect to that server.
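
The trimming and filing steps above can be scripted and checked before a build. The following is an added example, not MicroStrategy code: it keeps one certificate block from `openssl s_client -showcerts` output, stores it under pins/<server name>/, and audits the pins folder. The function names, the <server name>.pem file name, and the assumption that the first block in the output is the server's own certificate are choices made for this example.

```shell
# Added example (not vendor code): trim s_client output, file it, audit pins.

# Print only the first BEGIN/END CERTIFICATE block read from stdin.
# Assumption: the first block is the server's own certificate.
extract_first_cert() {
  awk '/-----BEGIN CERTIFICATE-----/ { inside = 1 }
       inside { print }
       inside && /-----END CERTIFICATE-----/ { exit }'
}

# add_pin PINS_DIR SERVER_NAME  (s_client output on stdin)
# The folder name is written exactly as given because it is case-sensitive.
add_pin() {
  mkdir -p "$1/$2" || return 1
  extract_first_cert > "$1/$2/$2.pem"
  pem_is_clean "$1/$2/$2.pem" || { rm -f "$1/$2/$2.pem"; return 1; }
}

# True when the file is exactly one certificate block with nothing around it.
pem_is_clean() {
  [ "$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1")" -eq 1 ] &&
  [ "$(head -n 1 "$1")" = '-----BEGIN CERTIFICATE-----' ] &&
  [ "$(tail -n 1 "$1")" = '-----END CERTIFICATE-----' ]
}

# audit_pins PINS_DIR: fail if a server folder holds no .pem/.cer file or a
# .pem file still carries text outside its certificate block.
audit_pins() {
  status=0
  for dir in "$1"/*/; do
    [ -d "$dir" ] || continue
    found=0
    for f in "$dir"*.pem "$dir"*.cer; do
      [ -f "$f" ] || continue
      found=1
      case $f in *.pem) pem_is_clean "$f" || { echo "untrimmed: $f"; status=1; } ;; esac
    done
    [ "$found" -eq 1 ] || { echo "no certificate: $dir"; status=1; }
  done
  return "$status"
}

# Constructed sample of s_client output (placeholder bodies, not real certificates).
sample_output() {
  printf '%s\n' 'CONNECTED(00000003)' 'Certificate chain' \
    ' 0 s:CN = myMobileServer1.myDivision.myCompany.com' \
    '-----BEGIN CERTIFICATE-----' 'CONSTRUCTEDLEAFBODY' '-----END CERTIFICATE-----' \
    ' 1 s:CN = Constructed Example CA' \
    '-----BEGIN CERTIFICATE-----' 'CONSTRUCTEDCABODY' '-----END CERTIFICATE-----' '---'
}
```

Against a live server, pipe the openssl command from the previous section into `add_pin app/src/main/assets/pins <server name>` in place of redirecting it to a file, then run `audit_pins app/src/main/assets/pins`.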