Troubleshooting certificate warnings in GravityZone Mobile Client for Android v1.3.2
This section addresses certificate warnings and errors received by end users when activating or after updating to GravityZone Mobile Client v1.3.2 on Android devices.
GravityZone Security for Mobile provides a unified enterprise-grade management of iPhone, iPad and Android devices connected to a corporate network by real-time scanning and enforcing organization’s security policies on any number of devices. Security for Mobile provides the services through GravityZone Mobile Client, available in the official Apple and Google app stores.
Starting with version 1.3.2, GravityZone Mobile Client validates the Communication Server security certificate, warning the users whenever the server provides an invalid certificate. This validation enhances communication security and prevents man-in-the-middle attacks.
The certificate is verified in the following situations:
When activating GravityZone Mobile Client.
Every time GravityZone Mobile Client initiates communication with Control Center.
If the user changes the Communication Server settings.
In case the GravityZone Communication Server certificate is invalid:
For new activations -Users trying to activate the app will receive a certificate warning, prompting them to explicitly trust the certificate or Cancel activation. No other warnings will be presented for that certificate once trusted by the user.
For existing installations - After update, users will see an issue next time Mobile Client tries to communicate with GravityZone, asking them to trust the certificate. Mobile Client will no longer communicate with GravityZone until the user explicitly accepts the certificate (without admin notification).
A certificate may be invalidated for various reasons:
It was not issued by a public/trusted Certificate Authority (for example, selfsigned certificates). Note: The default GravityZone security certificate falls also under this category.
It is expired or is not valid yet.
It was issued for a different server address.
To establish or restore communication with GravityZone:
You can obtain a certificate from a trusted Certificate Authority.
Existing users that updated the app, must follow these steps:
Open the app.
Open the Current Issues screen.
Tap Resolve for the Server Certificate Error message.
Tap Trust when prompted.
New users trying to activate the app, must tap Trust on the screen displaying the warning and then tap Activate once again.
Overview
Starting with version 1.3.2, GravityZone Mobile Client validates the Communication Server security certificate, warning the users whenever the server provides an invalid certificate. This validation enhances communication security and prevents man-in-the-middle attacks.
The certificate is verified in the following situations:
When activating GravityZone Mobile Client.
Every time GravityZone Mobile Client initiates communication with Control Center.
If the user changes the Communication Server settings.
In case the GravityZone Communication Server certificate is invalid:
For new activations -Users trying to activate the app will receive a certificate warning, prompting them to explicitly trust the certificate or Cancel activation. No other warnings will be presented for that certificate once trusted by the user.
For existing installations - After update, users will see an issue next time Mobile Client tries to communicate with GravityZone, asking them to trust the certificate. Mobile Client will no longer communicate with GravityZone until the user explicitly accepts the certificate (without admin notification).
A certificate may be invalidated for various reasons:
It was not issued by a public/trusted Certificate Authority (for example, selfsigned certificates). Note: The default GravityZone security certificate falls also under this category.
It is expired or is not valid yet.
It was issued for a different server address.
Solution
To establish or restore communication with GravityZone:
You can obtain a certificate from a trusted Certificate Authority.
Existing users that updated the app, must follow these steps:
Open the app.
Open the Current Issues screen.
Tap Resolve for the Server Certificate Error message.
Tap Trust when prompted.
New users trying to activate the app, must tap Trust on the screen displaying the warning and then tap Activate once again.