Android cannot create its own certificates. This is therefore done by
makecerton a PC.
Download the "Tool to create certificates" (makecert) from the Intra2net system under Information > Download, and unpack it into a directory on your computer.
Start the makecert batch file.
C:\makecert>makecert Validity of the new certificate: 1. one year 2. two years 3. three years 4. four years 5. five years Your choice: 1 C:\makecert>openssl req -x509 -newkey rsa:2048 -days 1825 -new -nodes -config openssl.cnf -outform PEM -keyform PEM -keyout privatekey.pem -out newcert.cer Using configuration from openssl.cnf Loading 'screen' into random state - done Generating a 2048 bit RSA private key ........................+++ ...............................................................+++ writing new private key to 'privatekey.pem' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank.
Now enter the client data. For some fields there is a default value in square brackets. If you want to use it, just press Return. Do not use umlauts or other special characters, as otherwise problems may occur. The "common name" (or "computer name" on the Intra2net system) must be unique and must not be reused for other clients or for a CA.
Country Name (2 letter code) : State or Province Name (full name) : Locality Name (eg, city) : Organization Name (eg, company) :Firma GmbH Organizational Unit Name (eg, section) : Common Name (eg, your name or your server's hostname) :Android Mueller Email Address : C:\makecert>openssl pkcs12 -export -in newcert.cer -inkey privatekey.pem -out newcert.p12 Loading 'screen' into random state - done
Select a export password that protects the key file on its way to the VPN client on the device. The password must be at least 4 characters long.
Enter Export Password: Verifying password - Enter Export Password: C:\makecert>del privatekey.pem
The key bundle for the client is now in PKCS#12 format in the
newkey.p12file, the certificate for the Intra2net system (PEM format) in
The client's certificate will now be made available to the Intra2net system. To do this, open the certificate file (
newkey_cert.cer) with a text editor (e.g. Wordpad) and copy the entire contents of the file to the clipboard.
In the Intra2net system open the menu System > Keys > Foreign keys and create a new key. Enter a name for the key (e.g. the name of the employee) and then paste the certificate data from the clipboard into the field Copy & paste certificate.
Next we will prepare the Intra2net system certificate for import to Android. To do this, open the System > Keys > Own Keys menu and select the certificate you want to use for the connection. It is advisable to use only one certificate for all VPNs on the Intra2net system side. Export the certificate as a .cer file to your local computer.
Now connect the Android device to your computer via USB. Many devices have different connection modes to choose from. Select a mode in which you can exchange files between PC and Android device, such as Media Device (MTP) or drive. If there are any uncertainties, consult the manual of your Android device regarding data exchange between a PC and the device.
Now copy the previously created key bundle (file name
newcert.p12) to the root directory of the Android drive (e.g. using Windows Explorer).
With your browser, copy the Intra2net system certificate file you just downloaded into the root directory of the Android drive. The file name is the name assigned in the Intra2net system with the extension
Disconnect the PC and Android device properly using the remove hardware feature in the Windows taskbar.
On the Android device, open, then , and .
Under thecategory, and select .
Select the private key (file name
newcert.p12) to import it. The export password will be requested, and then it will be possible to assign a suitable name to the certificate.
Select the Intra2net System certificate and assign a suitable name.
The certificates are now exchanged and installed between the devices.