The Issues With A PKI Certificate On Android Devices
While Android devices are very popular and offer a lot of customization options and features, they aren't as user-friendly when it comes to the use of a PKI certificate. If you need to use a PKI certificate on Android systems, it is possible you may be able to find and use a third party app.
Currently, the Samsung Galaxy is an S/MIME (Secure Multipurpose Mail Extensions) compatible device. This will allow you to use the device to complete your application to Comodo for a Personal Authentication Certificate and have if available on the device.
The Samsung Difference
While the Samsung device uses the Android operating system, it uses a different type of the mail application. This allows for the use of the digital certificates for both encryption and digital signatures on email.
However, you cannot use the certificate if it is stored in the Android certificate store. This is because the system requires it to be installed through the email itself. The easiest way to complete the installation is to copy the file (.p12 or .pfx extension), and place it in the download folder of the USB storage.
You will then open your email on the Samsung device through their email application icon. Click on the menu button and choose settings. You will see a list of accounts for the device, and click on the one that is going to be linked to the PKI certificate on Android. As this uses SSL (Secure Sockets Layer) technology, the email account you choose must match the email account on the certificate.
Once you click on the account, you will screen through the settings and choose security options. You will then choose the Email certificate option. Do not check the encrypt or sign boxes at this time.
The next screen will give you a list of email certificates. If it indicates no certificate, click the plus sign in the corner, then highlight the Comodo file you have just stored. Highlight this and enter the password, then rename the certificate if you desire.
Then, you can go back to the Security options menu and go through the configuration process to allow you to sign and encrypt emails. This is just a matter of checking the two boxes and making sure they stay checked.
Downloading the Djigzo app will allow you to install and configure the PKI certificate on Android devices. You will need to simply download the app and then import the Personal Authentication Certificate. The app will work with the current email to provide the option to either encrypt or sign emails or complete both.
Start by exporting the PKI cert, private key and all intermediate certificates to a file. This can then be emailed to your account or use a USB drive for the transfer. For this process, you will start with the Djigoz app. Click on the Import keys at the bottom of the screen to start the process.
You will be asked to browse to find the keys, just look for the certificate and enter the password associated with that certificate. Hit the import keys button under the password.
Enter the password for the key store. This is not the same as the import password. This is unique to the device and was set up with the first certificate import. Click ok and you will see the message that the import was finished with the certificate and keys. If you check the certificates area of the app, you will see all of the certificates, including intermediate certificates, that are on the app.
As with any other type of Personal Authentication Certificate, you will need to have the recipient's certificate on your device. When he or she sends you a digitally signed email, you will need to tap on the button to download their certificate. This will automatically bring up the App and prompt you to save the certificate. Be sure to choose Certificates and not Root as the storage option and then tap import.
You will also need to use the app to encrypt and digitally sign any emails. You will have to choose the certificate to use first and then compute the message, finally clicking on sign or encrypt or both before hitting the send button.
If you have any questions about installing or using a PKI certificate on Android, give us a call at +1 888 266 6361.We are also available online at https://www.instantssl.com if you need information about Personal Authentication Certificates or any SSL/TLS products.