Deploy the Android APK in a Self-Signed Certificate and an MDM Environment - Administrator Guide - 6.5 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide
Product
Cortex XSOAR
Version
6.5
Creation date
2022-09-28
Last date published
2024-03-21
End_of_Life
EoL
Category
Administrator Guide
Abstract

Deploy the android APK file with a self-signed certificate and an MDM or other internal distribution mechanism.

You may decide to use your own private CA generated certificates for Cortex XSOAR, as opposed to buying a trusted CA certificate. If so, the Cortex XSOAR mobile app running on devices with the latest Android versions might experience difficulty connecting to the Cortex XSOAR server due to Android restrictions.

Note

Check whether you can connect to Cortex XSOAR through your browser, even if you cannot connect through the Cortex XSOAR app. If you cannot connect to the server through your browser, there could be other issues, such as VPN connectivity into the organization’s private network.

This procedure enables you to deploy the android apk file in an environment with a self-signed certificate and a MDM, or other internal distribution mechanism. You do this by manually changing the android apk file and allowing distribution of the apk to your users through direct link to the apk or MDM of your choice.

  1. On a Java installed Linux or Mac computer, download the following:

    1. The latest Cortex XSOAR apk from the Play Store or a non-signed version from the download server using your Cortex XSOAR installer download link and append &downloadName=android_unsigned_apk to the link.

    2. The change_apk_cert.sh shell script tool from the download server using your Cortex XSOAR installer download link, and append &downloadName=change_apk_cert to the link.

  2. Place the privately issued certificate (.crt file) that you wish to deploy in the Android app, on the same computer, as referred to in step 1.

  3. Install the APKtool on the computer.

  4. Run the script by typing the following command:

    ./change_apk_cert.sh

  5. When prompted, use the other files as input.

  6. Distribute the apk to your users (by direct link to the apk or MDM of your choice) and ensure connectivity is made.

  7. (Optional) If the MDM environment issues an error (for example, APK is not zip aligned, APK signature is invalid or does not exist, or similar) you need to re-run the script with zipalign and jarsigner enabled.

    1. Ensure that you install zipalign, which is part of Android Studio.

    2. Ensure that you install jarsigner, which is part of JDK.

      Ensure your machine’s path is set correctly to include the jarsigner tool.

    3. Run the script in Step 4 and add the following options:

      -z,--zipalign: The path to the zipalign tool

      -k,--keystore: The path to the keystore to use for jarsigning the apk

      -a,--alias: The Alias

    If the MDM environment issues an Upload a new apk file with different package, or a similar error, contact Customer support.

  8. Repeat the process for every build of the apk that you wish to deploy.