How to Apply App Certificates: Difference between revisions

From wizarPOS
No edit summary
No edit summary
Line 1: Line 1:
   '''If you want to install apk to user mode terminal, the certificate of the signing private key of the apk will be checked, it should be issued by the app root certificate. By default, there is default wizarpos root certificate in the terminal. So you should request production certificate to us for your keystore (which will be used to sign apk). The apply step is described below.'''
   '''If you want to install APK to user mode terminal, the certificate of the signing private key of the APK will be checked, it should be issued by the app root certificate. By default, there is default WizarPOS root certificate in the terminal. So you should request production certificate to us for your keystore (which will be used to sign APK). The apply step is described below.'''
   '''After get the certificate from us, you should import the certificate to your keystore, then all the apk signed by this keystore can be installed to user mode terminal.'''
   '''After get the certificate from us, you should import the certificate to your keystore, then all the apk signed by this keystore can be installed to user mode terminal.'''
== Runing Enviroment ==
== Running Environment ==
The follow steps will run in PC, and use keytool in JDK, so please make sure you have installed the JDK in your PC.
The follow steps will run in PC, and use keytool in JDK, so please make sure you have installed the JDK in your PC.
== Generate Private Keystore ==
== Generate Private Keystore ==
Line 11: Line 11:
== Export CSR (Certificate Signature Request) ==
== Export CSR (Certificate Signature Request) ==
   '''keytool -certreq -keystore '''demo.jks''' -alias androiddebugkey > demo.csr'''  
   '''keytool -certreq -keystore '''demo.jks''' -alias androiddebugkey > demo.csr'''  
== Send CSR to wizarPOS ==
== Send CSR to WizarPOS ==
Send CSR to support@wizarpos.com
Send CSR to support@wizarpos.com
== Import the Certificate Chain ==
== Import the Certificate Chain ==
Import the replied certificate chain of the CSR(demoissuedbywizarpos.crt or *.pem), when you receive them from wizarpos.:
Import the replied certificate chain of the CSR(demoissuedbywizarpos.crt or *.pem), when you receive them from WizarPOS.:
   '''keytool -importcert -keystore '''demo.jks''' -file demoissuedbywizarpos.crt -alias androiddebugkey'''
   '''keytool -importcert -keystore '''demo.jks''' -file demoissuedbywizarpos.crt -alias androiddebugkey'''
Notes:
Notes:
Line 20: Line 20:
== FAQ ==
== FAQ ==
=== Keytool ===
=== Keytool ===
keytool.exe is in the JRE path, XXX/Java/jreXXX/bin, if you have set the enviroment variable, JAVA_HOME, you can run keytool command line in every path, or else you must run the command line in the jre path.
keytool.exe is in the JRE path, XXX/Java/jreXXX/bin, if you have set the environment variable, JAVA_HOME, you can run keytool command line in every path, or else you must run the command line in the jre path.
===Keysize Problem when Generate Keypair ===
===Keysize Problem when Generate Keypair ===
Please download the unlimited strength policy from java website:
Please download the unlimited strength policy from java website:
Line 30: Line 30:


Copy the local_policy.jar and US_export_policy.jar to the folder $JAVA_HOME/jre/lib/security
Copy the local_policy.jar and US_export_policy.jar to the folder $JAVA_HOME/jre/lib/security
=== csr error ===
=== CSR error ===
After export csr, please open the csr in Notepad, if the csr content begin with "-----BEGIN NEW CERTIFICATE REQUEST-----", end with "-----END NEW CERTIFICATE REQUEST-----", there are contents in the middle, that means the csr file is right, the others are bad csr files, then you need to check the above steps you running, find the fault step.
After export CSR, please open the CSR in Notepad, if the CSR content begin with "-----BEGIN NEW CERTIFICATE REQUEST-----", end with "-----END NEW CERTIFICATE REQUEST-----", there are contents in the middle, that means the CSR file is right, the others are bad CSR files, then you need to check the above steps you running, find the fault step.

Revision as of 03:40, 11 March 2019

 If you want to install APK to user mode terminal, the certificate of the signing private key of the APK will be checked, it should be issued by the app root certificate. By default, there is default WizarPOS root certificate in the terminal. So you should request production certificate to us for your keystore (which will be used to sign APK). The apply step is described below.
 After get the certificate from us, you should import the certificate to your keystore, then all the apk signed by this keystore can be installed to user mode terminal.

Running Environment

The follow steps will run in PC, and use keytool in JDK, so please make sure you have installed the JDK in your PC.

Generate Private Keystore

 keytool -genkeypair -keystore demo.jks -keyalg RSA -keysize 2048 -alias androiddebugkey -dname "EMAILADDRESS=shan.zhang@abc.com, CN=Zhang Shan, OU=RD, O=ABC company, L=Shanghai, ST=Shanghai, C=CN"

Notes:

  • Domain name should be filled according the real information of your company. CN=commonName, OU=organizationUnit, O=organizationName, L=localityName, ST=state or province name, C=country.
  • If you want to use this keystore in Eclipse as a custom debug keystore, the alias of the key should be “androiddebugkey” and the password should be “android”. If you won’t use this keystore in Eclipse, you can use any alias name or password.

Export CSR (Certificate Signature Request)

 keytool -certreq -keystore demo.jks -alias androiddebugkey > demo.csr 

Send CSR to WizarPOS

Send CSR to support@wizarpos.com

Import the Certificate Chain

Import the replied certificate chain of the CSR(demoissuedbywizarpos.crt or *.pem), when you receive them from WizarPOS.:

 keytool -importcert -keystore demo.jks -file demoissuedbywizarpos.crt -alias androiddebugkey

Notes:

  • Choose Yes, when the importing tools ask you if you want to trust them.

FAQ

Keytool

keytool.exe is in the JRE path, XXX/Java/jreXXX/bin, if you have set the environment variable, JAVA_HOME, you can run keytool command line in every path, or else you must run the command line in the jre path.

Keysize Problem when Generate Keypair

Please download the unlimited strength policy from java website:

Java6: http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html

Java7: http://www.oracle.com/technetwork/java/javase/downloads/jce-7-download-432124.html

Copy the local_policy.jar and US_export_policy.jar to the folder $JAVA_HOME/jre/lib/security

CSR error

After export CSR, please open the CSR in Notepad, if the CSR content begin with "-----BEGIN NEW CERTIFICATE REQUEST-----", end with "-----END NEW CERTIFICATE REQUEST-----", there are contents in the middle, that means the CSR file is right, the others are bad CSR files, then you need to check the above steps you running, find the fault step.