gigha

Reputation: 41

HTTPS Certificate renewal on mobile apps

Now that letsencrypt.org has launched its public beta, they are only giving away HTTPS certificates that last 90 days. That's for security reasons, and they advise developers to renew their HTTPS certificates after 60 days; the best way to do that is to automate it.

However, I am looking to add HTTPS to my mobile app. How would you automatically renew a certificate every 90 days? Wouldn't that require a new app build and an update to the App/Play Store every 60 days? I would love to see this question answered, because I realize HTTPS is much more secure.

Thanks in advance!

Upvotes: 0

Views: 1540

Answers (1)

Than

Reputation: 2769

Didn't have enough space in a comment, so I'll post it here.

I'm not really sure how letsencrypt.org works, so as long as you don't provide some more information about their certificate system I can't help you.

However, X509Certificate itself contains a mechanism for certificate renewal, so if it's implemented correctly on their side you can actually implement it in your app:

According to Wikipedia:

To allow for graceful transition from the old signing key pair to the new signing key pair, the CA should issue a certificate that contains the old public key signed by the new private signing key and a certificate that contains the new public key signed by the old private signing key. Both of these certificates are self-issued, but neither is self-signed. Note that these are in addition to the two self-signed certificates (one old, one new).

Since both cert1 and cert3 contain the same public key (the old one), there are two valid certificate chains for cert5: "cert5 → cert1" and "cert5 → cert3 → cert2", and analogously for cert6. This allows old user certificates (such as cert5) and new certificates (such as cert6) to be trusted indifferently by a party having either the new root CA certificate or the old one as trust anchor during the transition to the new CA keys.

However, this still requires you to have a CA cert (which you probably don't).

On the other hand, I don't know why you need your own certificate (and why from letsencrypt.org)? And are you sure that their certs don't validate against the Android default TrustStore? And eventually, isn't it better to create a self-signed certificate for your server and use it in the app, so you can have full control?

Upvotes: 1
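The two chains named in the Wikipedia quote can be checked directly. The Go program below is an added example, not code from the question, the answer or Let's Encrypt: it generates fresh old and new root key pairs, issues cert1, cert2, cert3 and the leaf cert5 exactly as the quote describes, and asks Go's chain builder which trust anchor validates the leaf. It also covers the case the quote leaves implicit, a client holding only the new root and no cross-certificate. The Ed25519 keys, the CA names and the host name api.example.test are constructed placeholders.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue signs a certificate for pub with signer's key; a nil parent makes it self-signed.
func issue(serial int64, cn string, isCA bool, pub, signer interface{}, parent *x509.Certificate) *x509.Certificate {
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn}, IsCA: isCA,
		BasicConstraintsValid: true, NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(90 * 24 * time.Hour)}
	if parent == nil {
		parent = t
	}
	der, err := x509.CreateCertificate(rand.Reader, t, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	c, _ := x509.ParseCertificate(der) // DER was just produced by the library, so it parses
	return c
}

// NewRollover builds the quoted set: cert1 old root, cert2 new root, cert3 old key signed by the new key, cert5 leaf under the old key.
func NewRollover() (cert1, cert2, cert3, cert5 *x509.Certificate) {
	oldPub, oldKey, _ := ed25519.GenerateKey(rand.Reader)
	newPub, newKey, _ := ed25519.GenerateKey(rand.Reader)
	leafPub, _, _ := ed25519.GenerateKey(rand.Reader) // the leaf's private key is not needed here
	cert1, cert2 = issue(1, "Old Root CA", true, oldPub, oldKey, nil), issue(2, "New Root CA", true, newPub, newKey, nil)
	cert3 = issue(3, "Old Root CA", true, oldPub, newKey, cert2)        // self-issued, not self-signed
	cert5 = issue(5, "api.example.test", false, leafPub, oldKey, cert1) // constructed host name
	return
}

// ChainLen verifies leaf against one trust anchor plus an optional intermediate; returns the chain length, or 0 if no path exists.
func ChainLen(leaf, root, inter *x509.Certificate) int {
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()}
	opts.Roots.AddCert(root)
	if inter != nil {
		opts.Intermediates.AddCert(inter)
	}
	chains, err := leaf.Verify(opts)
	if err != nil {
		return 0
	}
	return len(chains[0])
}
```

A client that trusts only cert1 validates cert5 directly (chain length 2), while one that trusts only cert2 needs cert3 presented as an intermediate (chain length 3); without cert3 the new anchor rejects the old-key leaf, which is why the cross-certificate has to be served during the transition.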
