Posts

Enabling Let’s Encrypt in MobileTogether


MobileTogether Server, the backend hub for apps built in MobileTogether Designer, now supports the ability obtain SSL certificates using Let’s Encrypt. Let’s Encrypt is a free service aimed at encrypting all HTTP traffic on the web. This feature is supported in MobileTogether Server starting with version 5.1 and adds to the ability to upload your own certificate.


The video tutorial above walks you through configuring MobileTogether Server to utilize SSL encryption when communicating with MobileTogether clients. It covers the use of both Let’s Encrypt and certificates generated using a trusted certificate authority.

SSL certificates generated using a trusted certificate authority can be uploaded directly to MobileTogether Server. This configuration can provide several advantages to system administrators. These types of certificates are typically good for a much longer period of time, requiring fewer maintenance windows. In addition, you can keep your MobileTogether Server completely isolated from the outside world as this method does not require any external ports to be opened. The process to obtain these certificates can be much more complex and expensive. Verification typically requires you to provide information to the issuer and wait for a response which can delay your implementation.

Let’s Encrypt integration was added in MobileTogether 5.1. Let’s Encrypt is a certificate authority whose goal is to provide encryption to the entire Internet. Certificates generated are free of charge. Unlike other methods of generation, though, Let’s Encrypt certificates are only good for 90 days. MobileTogether Server is capable of automatically renewing these certificates every 60 days, but requires a scheduled server reboot each time this action occurs. Lastly, Let’s Encrypt requires your server to be accessible from the outside world; they will need to communicate with MobileTogether Server on port 80 to verify your server’s identity.

The ability to encrypt communication between client and server is becoming ubiquitous. MobileTogether allows you to easily secure all communication to your mobile clients using SSL encryption and new support for Let’s Encrypt greatly reduces the set up complexity.

Tags: , , , ,

ERN Registration for SSL use in Mobile Apps


Apps built with MobileTogether include the ability to use SSL encryption between the mobile app and the back-end server, and with it come restrictions on importing and exporting the app in the United States and potentially other countries. If you intend to submit the AppStore App to Apple’s App Store or Microsoft’s App Store (and potentially others), their submission processes will ask whether the app includes encryption. Since all AppStore Apps built with MobileTogether include the ability to use the OS-provided libraries for SSL use in mobile apps and in particular for the encryption of the communication between the mobile app and server using the https protocol, the answer to this question is “YES.” At some point in the process, this answer will then trigger a prompt to upload your Encryption Registration Number (ERN). So how does one obtain an ERN?

shutterstock_260811158

Read more…

Tags: , , , , , , , , , ,