Deploy the Android apk in a Self-Signed Certificate and an MDM Environment

mobile
You may decide to use your own private CA generated certificates for Cortex XSOAR, as opposed to buying a trusted CA certificate. If so, the Cortex XSOAR mobile app running on devices with the latest Android versions might experience difficulty connecting to the Cortex XSOAR server due to Android restrictions.
Check whether you can connect to Cortex XSOAR through your browser, even if you cannot connect through the Cortex XSOAR app. If you cannot connect to the server through your browser, there could be other issues, such as VPN connectivity into the organization’s private network.
This procedure enables you to deploy the android apk file in an environment with a self-signed certificate and a MDM, or other internal distribution mechanism. You do this by manually changing the android apk file and allowing distribution of the apk to your users through direct link to the apk or MDM of your choice.
  1. On a Java installed Linux or Mac computer, download the following:
    1. The latest
      Cortex XSOAR apk
      from the Play Store or a non-signed version from the download server using your Cortex XSOAR installer download link and append
      &downloadName=android_unsigned_apk
      to the link.
    2. The
      change_apk_cert.sh
      shell script tool from the download server using your Cortex XSOAR installer download link, and append
      &downloadName=change_apk_cert
      to the link.
  2. Place the privately issued certificate (.crt file) that you wish to deploy in the Android app, on the same computer, as referred to in step 1.
  3. Install the APKtool on the computer.
  4. Run the script by typing the following command:
    ./change_apk_cert.sh
  5. When prompted, use the other files as input.
  6. Distribute the apk to your users (by direct link to the apk or MDM of your choice) and ensure connectivity is made.
  7. (
    Optional)
    If the MDM environment issues an error (for example,
    APK is not zip aligned
    ,
    APK signature is invalid or does not exist
    , or similar) you need to re-run the script with zipalign and jarsigner enabled.
    1. Ensure that you install zipalign, which is part of Android Studio.
    2. Ensure that you install jarsigner, which is part of JDK.
      Ensure your machine’s path is set correctly to include the jarsigner tool.
    3. Run the script in step 4 and add the following options:
      -z,--zipalign
      : The path to the zipalign tool
      -k,--keystore
      : The path to the keystore to use for jarsigning the apk
      -a,--alias
      : The Alias
    If the MDM environment issues an
    Upload a new apk file with different package
    , or a similar error, contact Customer support.
  8. Repeat the process for every build of the apk that you wish to deploy.

Recommended For You