About baiMobile® CertFinder Android
Many web sites, particularly government sites, require a digital certificate for authentication. These digital certificates are in the Android device’s Certificate Store (soft certs) or stored on a smart card (hard certs) and are verified using a chain of trust. The trust anchor for the digital certificate is the Root Certificate Authority. Most secure web sites that require digital certificates for authentication will refuse access if it cannot verify the Chain of Trust of a digital certificate. CertFinder, by Biometric Associates, was developed to solve this problem.
The Certificate Hierarchy is a structure of certificates needed to verify the validity of a certificate's issuer. Certificates are issued and signed by certificates that reside higher in the certificate hierarchy, so the validity and trustworthiness of a given certificate is determined by the corresponding validity of the certificate that signed it.
The Chain of Trust of a Certificate Chain is an ordered list of certificates, containing an end-user subscriber certificate and intermediate certificates, that enable the receiver (the web site or server) to verify that the sender and all intermediates certificates are trustworthy.
CertFinder, for CAC and PIV smart cards or soft certificates, builds a certificate trust Chain of Trust for a user certificate. The Issuer of the certificate is located and the Issuer's certificate is downloaded, the Issuer of the new cert located and downloaded, and a chain is built until the Root certificated has been found. CertFinder then verifies each certificate in the chain, and, if successful, stores the certs in the Android Certificate Store.
On startup, CertFinder will display a list of certificates that was found on your Android device. These certs may be located in any folder on your Android device. If you would like to run CertFinder on one of these soft Certs, you can select the certificate by tapping on the name. CertFinder will download and verify the trust chain of the certificates and then install the certificates in the devices certificate store.
If you would like to run CertFinder on the smart card inserted in your baiMobile® 3000MP or 301MP Smart Card reader, select the ‘Verify’ button with the certificate field blank. When invoked with a blank field, CertFinder will first search for a baiMobile® smart card reader. If you are using the 3000MP Bluetooth reader, make sure that your reader has been to your Android device. If you are using the 301MP reader, make sure that it is connected to your Android device using the supplied USB cable.
CertFinder will extract all user certificates from the smart card and build and verify a trust chain and then install the certificates in the devices certificate store.
Available smart card readers may be found at: www.biometricassociates.com
by Y####:
There is no support to help figure out how to verify the trusted chain with the cert finder. Bai needs a better knowledge base to draw from.