Certificate Enrollment
OpenTAKServer supports client certificate enrollment, which defaults to port 8446.
Authentication
Certificate enrollment requires authentication. You will need to register an account on your OpenTAKServer or have an administrator make an account for you.
Prerequisites
The default port for certificate enrollment is 8446. This port will use one of two types of certificates, self-signed or Let’s Encrypt. The default is to use self-signed certificates. If your server uses self-signed certificates, you will need a copy of your server’s truststore certificate for auto-enrollment. You can download a copy at https://your_server_address/api/truststore or by logging into the web UI and clicking the Download Truststore button.
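With self-signed certificates the trust store is downloaded before the device has any way to validate the server, so it is worth comparing the fingerprint of the certificate inside it with one the administrator provides over a separate channel before importing it. The following is an added example, not part of the OpenTAKServer documentation or code; it assumes the trust store is a PKCS#12 file and that the openssl CLI is installed, and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not OpenTAKServer code). Assumptions: the downloaded trust
# store is a PKCS#12 file and the openssl CLI is installed.

# Print the SHA-256 fingerprint of every certificate in a PKCS#12 trust store,
# one per line (upper-case hex, colon separated). Fails on a wrong password
# or when the file holds no certificate.
truststore_fingerprints() (
    pem="$(openssl pkcs12 -in "$1" -nokeys -passin "pass:$2" 2>/dev/null)" || exit 1
    out="$(printf '%s\n' "$pem" | awk '
        /^-----BEGIN CERTIFICATE-----$/ { cert = ""; on = 1 }
        on { cert = cert $0 "\n" }
        /^-----END CERTIFICATE-----$/ {
            cmd = "openssl x509 -noout -fingerprint -sha256"
            printf "%s", cert | cmd; close(cmd); on = 0
        }')"
    [ -n "$out" ] || exit 1
    printf '%s\n' "$out" | cut -d= -f2 | tr 'a-f' 'A-F'
)

# Succeed only if EXPECTED (a fingerprint obtained from the server admin over
# a separate channel) matches a certificate in the trust store.
# usage: verify_truststore FILE PASSWORD EXPECTED
verify_truststore() (
    expected="$(printf '%s' "$3" | tr 'a-f' 'A-F')"
    [ -n "$expected" ] || exit 1
    truststore_fingerprints "$1" "$2" | grep -qxF -- "$expected"
)

# Build a constructed, throwaway CA and trust store in DIR so the check can
# be tried offline. Nothing here comes from a real server.
# usage: make_sample_truststore DIR
make_sample_truststore() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Constructed Test CA" \
        -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null &&
    openssl pkcs12 -export -nokeys -in "$1/ca.pem" \
        -out "$1/truststore.p12" -passout pass:atakatak
}

# Against a real download (file name and fingerprint are placeholders):
#   verify_truststore truststore.p12 atakatak "<fingerprint from admin>" \
#       && echo "fingerprint matches, safe to import"
```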
iTAK QR Code
In order to use a QR code for iTAK enrollment, your server must be configured with a signed certificate from Let’s Encrypt or a similar trusted certificate authority.
Instructions
On the main ATAK screen, tap the hamburger icon in the top right corner and tap Settings
Tap on Network Preferences
Tap on TAK Servers
Tap the three vertical dots button in the top right corner and tap Add
Fill out your server’s name and address
Check the Use Authentication checkbox and enter your OpenTAKServer username and password
Check the Enroll for Client Certificate checkbox
Make sure Streaming Protocol is set to SSL
The default server port is 8089 unless OpenTAKServer has been configured to use a different port. Ask your server’s admin if you are unsure
Use default SSL/TLS Certificates
Self-signed certificates (This is the most common setup)
If your OpenTAKServer is using self-signed certificates, uncheck Use default SSL/TLS Certificates
Make sure that Enroll with Preconfigured Trust IS checked (you may not have this option if you’re on an older version of ATAK)
Tap the Import Trust Store button and find your trust store file.
In the password field next to that button, type your trust store certificate’s password. The default is atakatak
Tap OK
Let’s Encrypt Certificates
Leave Use default SSL/TLS Certificates checked
Make sure that Enroll with Preconfigured Trust IS NOT checked (you may not have this option if you’re on an older version of ATAK)
Tap the Ok button at the bottom of the screen
After a few seconds you should see a message that registration has succeeded, and you will be automatically connected to the server
Any data packages, plugins, and device profiles that have been set by the server admin to install on enrollment will be automatically installed