Using client certificate authentication

Acronis Access accepts SSL user identity certificates for authentication with an Acronis Access Server or an HTTPS Reverse Proxy server.

If you have enabled certificate authentication as your Acronis Access or HTTPS Reverse Proxy login method, the Access Mobile Client app will be automatically challenged for a user identity certificate when it attempts to connect to a Gateway server. In order for authentication to take place, an SSL user identity certificate must be added to the Access Mobile Client app.

Mobile Device Management (MDM) solutions, including the Apple iPhone Configuration Utility, allow you to add certificates to an iOS device. Certificates added in this way are placed in an Apple-specific section of the iOS Keychain and are only available to built-in Apple services and applications, such as VPN and the Mail app. For the Acronis Access app to get access to a certificate, the certificate must be added to the device through the Acronis Access app itself.

Presently, the process for adding a certificate to Acronis Access requires that the certificate file is transferred to the device and then opened into Acronis Access. The easiest way to perform this is by emailing the certificate file to the user.

Server side prerequisites

In order to use client certificate authentication, you must have a Gateway server installed on the same machine as the Acronis Access Server, and the mobile clients must enroll using the Gateway Server's address.

Note: When using this method, if the Gateway Server service crashes or is disabled, clients enrolled with it will not be able to connect to the management server even though the Acronis Access Server is still running.

Note: When using this form of authentication, mobile clients cannot access Sync&Share Data Sources.

Warning: You will not be able to use client certificate authentication if your mobile client is enrolled in management directly with the Acronis Access Server.

Example scenario: If your Acronis Access is on 192.168.1.1:3000 and your Gateway is on 192.168.1.1:443, in order to use client certificate authentication, your users have to enroll in client management with 192.168.1.1:443. The Acronis Access Server is still the management server, but the requests are proxied through the Gateway Server.

To prepare a certificate for the Acronis Access app:

You must have a certificate authority established with which you will issue certificates. Creating certificates is not a function of Acronis Access.

The certificates you generate must be associated with your users’ Active Directory accounts. Acronis Access will query AD to match these certificates to the relevant user account at the time of authentication. This mapping of certificates to AD user accounts may be handled by your Microsoft Certificate Authority, or may need to be performed manually if you are using another type of certificate authority.

Using your certificate authority, generate a user identity certificate that includes a private key and is in the PFX or P12 format. This certificate will require a password when it is created. This password will need to be entered by the user when the certificate is installed in the Acronis Access client app. This certificate file should have a .PFX or .P12 extension by default.

Once the certificate file has been created, remove its extension completely by deleting the “.PFX” or “.P12” from the file name. This is required so that the file can be opened into Acronis Access using the standard iOS “Open In” function.
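A pre-flight check for the two preparation steps above, as an added example that is not part of the Acronis documentation: it uses the OpenSSL command line to confirm that the file opens with its password and holds both a certificate and a private key, then writes the extensionless copy. The function names and the `P12_PASS` environment variable are assumptions of this example, and the sample identity is constructed.

```shell
#!/bin/sh
# Added example (not Acronis code). Function names are hypothetical.
# The PKCS#12 password is read from $P12_PASS so it never appears in argv.

# Build a throwaway self-signed identity as constructed sample input.
# A real file comes from your certificate authority.
make_sample_p12() {   # $1 = output path ending in .p12
    d=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=sample-user" \
        -keyout "$d/key.pem" -out "$d/cert.pem" 2>/dev/null &&
    P12_PASS=$P12_PASS openssl pkcs12 -export -inkey "$d/key.pem" \
        -in "$d/cert.pem" -out "$1" -passout env:P12_PASS
    rc=$?; rm -rf "$d"; return $rc
}

# Verify a .pfx/.p12 before it is sent, then write the extensionless copy.
# Prints the new path on success; returns non-zero and writes nothing on failure.
prepare_for_open_in() {   # $1 = path to the .pfx or .p12 file
    src=$1
    case $src in
        *.p12|*.P12|*.pfx|*.PFX) ;;
        *) echo "not a .pfx/.p12 file: $src" >&2; return 2 ;;
    esac
    [ -n "${P12_PASS:-}" ] || { echo "P12_PASS must be non-empty" >&2; return 3; }
    # -info -noout lists the bag types without printing any key material.
    info=$(P12_PASS=$P12_PASS openssl pkcs12 -in "$src" -passin env:P12_PASS \
        -info -noout 2>&1) || { echo "wrong password or not PKCS#12" >&2; return 4; }
    echo "$info" | grep -q 'Certificate bag' ||
        { echo "no certificate in $src" >&2; return 5; }
    echo "$info" | grep -Eq 'Shrouded Keybag|Key bag' ||
        { echo "no private key in $src" >&2; return 6; }
    dst=${src%.*}
    [ ! -e "$dst" ] || { echo "refusing to overwrite $dst" >&2; return 7; }
    cp "$src" "$dst" && chmod 600 "$dst" && printf '%s\n' "$dst"
}
```

Run it as `P12_PASS=... ; prepare_for_open_in /path/to/user.p12` and attach the file whose path it prints.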

To send and install the file using email:

  1. Compose an email to the user and attach the certificate file to the email. Ensure that you’ve removed the extension from the certificate file, as described above.
  2. When the user receives the email on their device, they simply have to tap the attached file and choose “Open in Acronis Access” from the pop-up menu.
  3. Acronis Access will start and the user will be prompted to confirm they want to add the certificate to Acronis Access.
  4. The user will then be prompted to enter the private key password.
  5. Once the password is entered, the certificate is added to Acronis Access and the client will be able to perform certificate authentication with a Gateway server and HTTPS reverse proxy server.

The status of the installed certificate can be viewed by opening the Settings menu in the Acronis Access app.