Configure client certificates on iOS

Configure the Connections mobile app to allow client certificate authentication on iOS mobile devices.

Most Mobile Device Management (MDM) products can push client certificates to the iOS device. However, because of iOS security restrictions, the Connections app cannot access these certificates. To work around this restriction, we can import client certificates into the Connections app's keychain.

To import a client certificate on an iOS device:

  1. Append the .ibmmbd extension to the client certificate p12 file so the Connections mobile app can open the file. For example: cert.p12 becomes cert.p12.ibmmbd.

    Important: If we do not append the .ibmmbd extension, iOS installs the .p12 file to the iOS Settings app instead of the Connections app. In that case, the Connections app cannot use the certificate to access the server.

    A .p12 file follows the PKCS #12 standard for storing cryptographic objects as a single file. Each .p12 file bundles a private key with a corresponding X.509 certificate.

  2. Distribute the .ibmmbd file to your mobile users. Send the file by email or add it to a website that can be accessed from a mobile device.

    Remember: If we distribute the .ibmmbd file from a website, we must define an application/octet-stream MIME type on the web server for the .ibmmbd extension. If the MIME type is not defined, iOS reads the contents of the .ibmmbd file, decides the file is a certificate, and sends it to the iOS Settings app.

  3. Provide the following instruction to the mobile users:

    1. Transfer the .ibmmbd file to your mobile device.

    2. From the device, tap on the .ibmmbd file and select Open in Connections. The Connections app prompts the user to enter the password for the certificate.

    3. Import the certificate. A confirmation message verifies the certificate was successfully imported.

    4. Open the Connections mobile app and create an account. When prompted, select the certificate that you imported and enter the password.
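
An administrator-side preflight for steps 1 and 2, added here as an example (it is not part of the Connections product or its documentation): it stages a copy of the .p12 file with the .ibmmbd extension and checks the response headers a web server returns for it. The function names, the www directory and the sample headers are assumptions made for illustration.

```python
import shutil
import tempfile
from email.message import Message
from pathlib import Path

SUFFIX = ".ibmmbd"                          # extension the procedure says to append
REQUIRED_TYPE = "application/octet-stream"  # MIME type the procedure requires


def stage_certificate(p12_path: Path, out_dir: Path) -> Path:
    """Step 1: copy cert.p12 to out_dir/cert.p12.ibmmbd, leaving the original untouched."""
    if p12_path.suffix.lower() != ".p12":
        raise ValueError(f"{p12_path.name}: expected a .p12 file")
    with p12_path.open("rb") as fh:
        # A PKCS #12 file is an ASN.1 SEQUENCE, so its first byte is 0x30.
        # A PEM (text) export starts with '-' and is rejected here.
        if fh.read(1) != b"\x30":
            raise ValueError(f"{p12_path.name}: not a binary PKCS #12 file")
    out_dir.mkdir(parents=True, exist_ok=True)
    staged = out_dir / (p12_path.name + SUFFIX)
    shutil.copyfile(p12_path, staged)
    return staged


def check_download(url_path: str, headers: dict) -> list:
    """Step 2: list the problems with how a web server offers the file."""
    problems = []
    if not url_path.lower().endswith(SUFFIX):
        problems.append(f"file name does not end in {SUFFIX}")
    raw = next((v for k, v in headers.items() if k.lower() == "content-type"), None)
    if raw is None:
        problems.append("no Content-Type header")
    else:
        msg = Message()
        msg["Content-Type"] = raw           # lets the stdlib strip parameters and case
        if msg.get_content_type() != REQUIRED_TYPE:
            problems.append(f"Content-Type is {msg.get_content_type()}, not {REQUIRED_TYPE}")
    return problems


if __name__ == "__main__":
    work = Path(tempfile.mkdtemp())
    (work / "cert.p12").write_bytes(b"\x30\x82\x00\x00")  # constructed stand-in, not a real key
    staged = stage_certificate(work / "cert.p12", work / "www")
    print(staged.name)
    # Constructed response headers: a correct server, then one that labels the file a certificate.
    print(check_download("/certs/" + staged.name, {"Content-Type": "application/octet-stream"}))
    print(check_download("/certs/" + staged.name, {"Content-Type": "application/x-pkcs12"}))
```

In practice, feed check_download the headers captured from a request to the published URL before sending the link to users.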

