To test this feature and view the example code, please see the Android SDK 5 Example Code Quick Start guide.

SSL mutual authentication adds extra security, where SSL connection with the license server is not only authenticated by the server providing the client device with its authentication certificate, but the device needs to return its own client certificate. The server will not handle licence requests unless this extra authentication step is successful. This feature only applies if the Head-end network is configured to request and authenticate client certificates.

The ssl-mutual-authentication example code also demonstrates how to fetch a one-time token for a CONNECT-encrypted HLS stream (playing on a CONNECT-enabled Android TV STB) from the NAGRA MediaLive server; however, this is not part of the SSL MA feature. The example code uses the SSLContext and KeyManager Android classes with the Android keystore system to retrieve previously stored certificates.

To install the client certificate on your device, follow the instructions in the ssl-mutual-authentication example code README file:

  1. Place your SSL client certificate in a p12 format under the project's res/raw folder.
  2. Replace the existing opvault.json with the Operator Vault file that matches your head-end (ensuring its name matches the resource name in This is a CONNECT requirement, not an SSL Mutual Authentication one.
  3. Replace the SSL client certificate KEYSTORE_PW password and R.raw.place_p12_here filename accordingly in
  4. Verify the SSL mutual authentication between server and client by changing the arguments of the setMutualAuthentication method.