Lack of documentation on TLS

Xeoma Software

Post by mauricioesilva » Sat Dec 03, 2016 12:24 am

I was trying to use my own certificates to secure the connections and failed. The first problem was lack of documentation, especially on Android and iOS devices.

Where or how do I install the public key on Android and iOS clients?
Can Xeoma use any certificate, or does it need to be created exactly as you explain in the readme file? I wasn't able to use my current certificate infrastructure (I run my own CA in my internal network for all kinds of services, from TLS on a web server to 802.1x authentication).

Good documentation on this subject would be really appreciated.
mauricioesilva
 
Posts: 17
Joined: Sun Jun 15, 2014 2:15 am
Location: Argentina

Re: Lack of documentation on TLS

Post by dgrindle » Sat Dec 03, 2016 2:53 pm

I have also asked for more information about TLS on Nov 11th here http://felenasoft.com/forum/viewtopic.php?f=8&t=1469&sid=0cb2d0c50773b5ec77b456a2cac6a14c. The reply was "We are working on that right now, thank you for your patience". I am hoping to see some more documentation soon.

From my experience, yes, you should be able to use your own certificate. However, the current behavior of Xeoma is a bit odd in my opinion, because even certificates which should be trusted (CA signed or by your own CA in this case) require the public key to be added to the clients. Ideally I think Xeoma should work like a browser to automatically accept signed (or otherwise trusted) certificates. I would suggest testing with a Windows client first. I do not have any experience with Android and iOS clients and agree that the documentation is still lacking.
dgrindle
 
Posts: 5
Joined: Fri Nov 11, 2016 7:58 pm

Re: Lack of documentation on TLS

Post by Admin_N » Mon Dec 05, 2016 4:25 pm

Hi there,

Not sure what kind of documentation you'd like but here's our guide: http://felenasoft.com/xeoma/en/articles ... onnection/

You can also follow our news at http://felenasoft.com/xeoma/en/news/ to always be the first to know!
Admin_N
 
Posts: 797
Joined: Thu Mar 01, 2012 4:43 pm

Re: Lack of documentation on TLS

Post by mauricioesilva » Wed Dec 07, 2016 10:39 pm

Thank you Admin_N and dgrindle for your answers. The page linked by Admin_N is almost the same as the readme.txt, but with a little extra information that opens more questions.

So I guess I will have to wait.
mauricioesilva
 
Posts: 17
Joined: Sun Jun 15, 2014 2:15 am
Location: Argentina

Re: Lack of documentation on TLS

Post by Admin_N » Fri Dec 09, 2016 9:07 am

mauricioesilva,

What kind of documentation would you need then? The article has all there is to that subject, so I fear waiting might bring no desirable result.

Mobile operating systems are more closed up as compared to desktop ones.

For example, in Android, you can use your certificate only on rooted systems. If yours is one such device, go to ../data/com.felenasoft.xeoma/.config/Xeoma/Security/Certificare/Client and place your certificate in there.

Do you know of any examples of using your certificate on iOS at all? Not sure it's even possible...
Admin_N
 
Posts: 797
Joined: Thu Mar 01, 2012 4:43 pm

Re: Lack of documentation on TLS

Post by mauricioesilva » Fri Dec 09, 2016 10:08 am

Thank you Admin_N, again, for your answer.

That is the kind of information that should have been in the readme.txt. Do you have a mobile client? DON'T CHANGE THE CERTIFICATES! or they won't be able to connect.
Is the CN checked against something, or can it be any random string? I know it can be anything because the default is "Default Xeoma certificate" and that's not the name of any of my DVRs, and in the HTML page the information reads: "...make sure that the names coincide with those on the servers.", something that is not true.

So far the only important thing is to have any random pair of certificates.
mauricioesilva
 
Posts: 17
Joined: Sun Jun 15, 2014 2:15 am
Location: Argentina

Re: Lack of documentation on TLS

Post by Admin_N » Fri Dec 09, 2016 11:12 am

CN is the command for generating the common name while the certificate is being generated. Afterwards it's not used. In that respect, I don't think I get your question. Or do you imply anything else with this abbreviation?
Admin_N
 
Posts: 797
Joined: Thu Mar 01, 2012 4:43 pm

Re: Lack of documentation on TLS

Post by mauricioesilva » Fri Dec 09, 2016 5:02 pm

You are right, CN stands for common name. And in some services (for example, Web over HTTPS) it should be the exact name of the server. I know that on a CCTV system it will bring more trouble than benefit.
mauricioesilva
 
Posts: 17
Joined: Sun Jun 15, 2014 2:15 am
Location: Argentina
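
The two checks a browser-style client makes, issuer chain and server name, run with the openssl CLI against throwaway certificates. This is an added example, not code from the thread or from Xeoma. The CA name `example-ca` and host `dvr1.lan.example` are constructed; the CN `Default Xeoma certificate` is the default quoted in the thread.

```shell
#!/usr/bin/env bash
# Added example. Constructed names: example-ca, dvr1.lan.example.
set -eu
work=$(mktemp -d)   # throwaway keys and certificates live here

# issue <stem> <CN> [dns-name]: leaf signed by the private CA; SAN only if given.
issue() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\n%s\n' "${3:+subjectAltName=DNS:$3}" \
    > "$work/$1.ext"
  openssl x509 -req -in "$work/$1.csr" -days 1 -extfile "$work/$1.ext" \
    -CA "$work/ca.pem" -CAkey "$work/ca.key" -CAcreateserial \
    -out "$work/$1.pem" 2>/dev/null
}

# chain_ok <pem>: does the certificate chain to the private CA?
chain_ok() { openssl verify -CAfile "$work/ca.pem" "$1" >/dev/null 2>&1; }

# name_ok <pem> <host>: does the certificate name the host the client dialed?
name_ok() {
  openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null | grep -q "does match"
}

# verdict <pem> <host>: accept only when both checks pass.
verdict() {
  if ! chain_ok "$1"; then echo "reject:untrusted-issuer"
  elif ! name_ok "$1" "$2"; then echo "reject:name-mismatch"
  else echo "accept"; fi
}

# Private CA, standing in for an internal CA like the one described above.
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=example-ca" \
  -keyout "$work/ca.key" -out "$work/ca.pem" 2>/dev/null
issue named "dvr1.lan.example" "dvr1.lan.example"   # CA-signed, names the host
issue default "Default Xeoma certificate"           # CA-signed, name unrelated
openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=dvr1.lan.example" \
  -keyout "$work/self.key" -out "$work/self.pem" 2>/dev/null  # self-signed

for c in named default self; do
  printf '%-8s %s\n' "$c" "$(verdict "$work/$c.pem" dvr1.lan.example)"
done
```

In this example a certificate issued by the trusted CA still fails when its name does not match the host, and a certificate with the right name still fails when its issuer is not trusted.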

Re: Lack of documentation on TLS

Post by Timbiotic » Mon Mar 05, 2018 9:25 pm

For Apple iOS, why can't the iOS app have an option to import certificates?
Timbiotic
 
Posts: 2
Joined: Sun Jun 25, 2017 2:40 pm

Re: Lack of documentation on TLS

Post by Admin_P » Wed Mar 07, 2018 9:47 am

Timbiotic,
Hello! The iOS app is Xeoma's youngest part; it has limited functionality. We are working on expanding it; however, Apple's policy is really not helping us with that, so the development is somewhat slow.
If you'd like to be informed of Xeoma's new features as they are developed and added, feel free to subscribe to our newsletter.
Admin_P
 
Posts: 245
Joined: Wed Aug 24, 2016 1:49 pm

