How to connect to a library with mTLS (mutual TLS) auth?
⚠️ Before following the guide, make sure to install your CA certificate first. Android won't let you connect to a server with a certificate signed by an unknown authority.
On Android 6 and higher, you can select your client certificate on the connection screen. It must be installed on your device as a "VPN and apps" certificate.
Bundle your client certificate and its private key into a PKCS 12 file with the following commands:
```sh
# Combine the certificate and the key.
cat cert.pem key.pem > pkcs12.pem
# Create a password-protected bundle.
openssl pkcs12 -in pkcs12.pem -export -out bundle.p12
```
Download the `.p12` bundle to your device and install it by opening the file from a file explorer.
Use the "VPN and apps" type. Give the certificate a human-friendly name so it can be distinguished from others.
Return to the gallery, select the installed certificate and connect to your library.
The gallery app doesn't store or decrypt your certificates. They are managed by Android keychain.
You can delete the downloaded `.p12` file, but do not remove the certificate from the Android settings.
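
The bundling step above, as an added example that is not part of the original guide: it checks that the certificate and key belong together before exporting, stores a friendly name inside the bundle with `-name`, and re-reads the result. The function names, the friendly name and the `P12_PASS` variable are assumptions, and the key file is assumed to be unencrypted.

```sh
#!/bin/sh
# Added example, not part of the original guide. Function names, the friendly
# name and the P12_PASS variable are assumptions made for this example.
# Assumes the private key file is not passphrase-protected.

# Succeeds only if the certificate's public key equals the key's public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# make_bundle CERT KEY OUT NAME: refuses mismatched pairs, then exports.
# Reads the export password from P12_PASS so it stays off the command line.
make_bundle() {
    cert_matches_key "$1" "$2" || { echo "cert/key mismatch" >&2; return 1; }
    openssl pkcs12 -export -in "$1" -inkey "$2" -name "$4" \
        -out "$3" -passout env:P12_PASS
}

# bundle_ok P12 CERT NAME: re-reads the bundle and checks that it holds the
# expected certificate under the expected friendly name.
bundle_ok() {
    out=$(openssl pkcs12 -in "$1" -nokeys -clcerts -passin env:P12_PASS 2>/dev/null) || return 1
    printf '%s\n' "$out" | grep -qF "friendlyName: $3" || return 1
    [ "$(printf '%s\n' "$out" | openssl x509 -noout -pubkey)" = \
      "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Constructed sample input: a throwaway self-signed pair for the demo.
new_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$2/$1.key" -out "$2/$1.pem" 2>/dev/null
}

demo() {
    d=$(mktemp -d) && export P12_PASS="constructed-demo-password"
    new_pair alice "$d" && new_pair bob "$d" || return 1
    make_bundle "$d/alice.pem" "$d/alice.key" "$d/bundle.p12" "Gallery client" &&
        bundle_ok "$d/bundle.p12" "$d/alice.pem" "Gallery client" &&
        echo "bundle verified: $d/bundle.p12"
    # A certificate paired with someone else's key must be rejected.
    make_bundle "$d/alice.pem" "$d/bob.key" "$d/bad.p12" "x" 2>/dev/null ||
        echo "mismatched pair rejected"
}
demo
```

Passing the certificate with `-in` and the key with `-inkey` produces the same bundle as concatenating them first, without leaving an extra unencrypted copy of the key on disk.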