Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Combining root Certificate Authority (CA) and intermediate CA into one file

    • Updated:
    • 30 Apr 2015
    • Product/Version:
    • Mobile Security for Enterprise 8.0
    • Mobile Security for Enterprise 9.0
    • Mobile Security for Enterprise 9.1
    • Mobile Security for Enterprise 9.2
    • Platform:
    • Windows 2003 Enterprise
    • Windows 2003 Enterprise 64-bit
    • Windows 2003 Server R2
    • Windows 2003 Standard
    • Windows 2008 Enterprise
    • Windows 2008 Enterprise 64-bit
    • Windows 2008 Server R2
    • Windows 2008 Server R2 Enterprise
    • Windows 2008 Standard
    • Windows 2008 Standard 64-bit
Summary
You want to use HTTPS in downloading APK file in Mobile Security (TMMS) for Enterprise. To do so, a public trusted certificate is needed. The client cannot be downloaded using self-signed certificate on the communication server.
However, intermediate certificate from public trusted CA is not in Android certificate store which results to fail APK download via HTTPS. 
Details
Public
Most certificates will be issued by an intermediate authority that has been issued by a root authority. To make LCS support the certificate, you need to include root CA and intermediate CA in the PFX certificate for LCS. When certificate is imported to LCS, you can now download TMMS android APK from LCS.
To combine multiple PEM certificates, you just need to put the ASCII data from all of the certificates in a single file. Below is an example of this:
 
To be safe, work on your certificate starting from the root certificate and then, the intermediate certificate. Work your way up the chain to the root certificate.
-----BEGIN CERTIFICATE-----
MIIEKjCCAxKgAwIBAgIEOGPe+DANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
....
Omitted for brevity
....
u/8j72gZyxKTJ1wDLW8w0B62GqzeWvfRqqgnpv55gcR5mTNXuhKwqeBCbJPKVt7+
bYQLCIt+jerXmCHG8+c8eS9enNFMFY3h7CI3zJpDC5fcgJCNs2ebb0gIFVbPv/Er
fF6adulZkMV8gzURZVE=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIE9TCCA92gAwIBAgIETA6MOTANBgkqhkiG9w0BAQUFADCBtDEUMBIGA1UEChML
....
Omitted for brevity
....
mWEn7kVuxzn/9sWL4Mt8ih7VegcxKlJcOlAZOKlE+jyoz+95nWrZ5S6hjyko1+yq
wfsm5p9GJKaxB825DOgNghYAHZaS/KYIoA==
-----END CERTIFICATE-----
After combining the ASCII data into one file, verify validity of certificate chain for sslserver usage:
openssl verify -verbose -purpose sslserver -CAfile CAchain.pem name.pem
Combine the private key, certificate, and CA chain into a PFX:
openssl pkcs12 -export -out name.pfx -inkey name.<en|unen>crypted.priv.key -in name.pem -certfile CAchain.pem
Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy; Install
Solution Id:
1106466
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.