Extended Authentication

The trading platform provides the option of advanced authentication using SSL certificates, which greatly increases system security. Extended authentication can be enabled on the trade server. When it is enabled, standard authentication remains active: in any case, users need to enter their account details.

  • The authentication algorithm is generally accepted and secure. It is fully analogous to the SSL authentication.
  • Connection between the client and server is held over its own protocol with the encryption of all data transmitted.
  • A public key can be freely distributed and used to authenticate the message, which is signed using a secret key. It is guaranteed that knowing the public key, it is impossible to compute the secret key within a reasonable time. Calculation of the secret key based on the public one, even on powerful up-to-date computers, can take tens or hundreds of years.
  • The certificate is not required when connecting using an investor password.

Order of Generating and Receiving a Certificate

When trying to log in using an account with extended authentication, you will need to go through standard authentication. After that, the trade server sends a request to the trading platform to generate two keys: private and public. The public key is sent to the trade server.

Based on the account details, the server generates a certificate and signs it with its private key (the server's private key signature guarantees that the certificate can't be falsified).

An extended authentication certificate can be obtained via the mobile or desktop version of the platform when opening an account. It can also be generated by a broker and submitted to a trader.

Certificate Installation when Opening Account in the Mobile Platform or through a Broker

When opening a demo account via the mobile platform on a server with extended authentication enabled, the certificate will be generated and automatically installed on the mobile device. Upon connection using the new account, the installed certificate can be viewed in the "Certificates" section of MetaTrader 5 iPhone settings.

Similarly, the certificate is generated on the broker's side. After receiving the account number and password, the trader goes through the primary basic authorization on the mobile device. After that the certificate is generated.

No additional operations with the certificate are required.

Installed certificates

  • The certificate is only generated if the trader has not generated any certificate for this account (for example, by connecting to it through a desktop platform).
  • If the certificate has been generated on the mobile device, it is impossible to export the certificate for authentication from a desktop platform version. If you want to connect to the account by using both the mobile and desktop platform, contact your broker in order to delete the previously generated certificate. Then request a new certificate from the desktop platform and import it to your mobile device following instructions below.

Certificate Installing When Opening an Account in the Desktop Platform

When opening a demo account in the desktop platform, the extended authentication certificate is also generated. A trader needs to specify the passwords for the certificate protection before receiving it.

Certificate password

This window contains the following fields and settings:

  • Password – a password for the certificate installation;
  • Confirm password – confirmation of the password to avoid mistyping;
  • Add the certificate to the Windows storage – if this option is enabled, the certificate will be automatically installed to the operating system storage.

The certificate password must contain at least two types of characters (lower case letters, upper case letters, numbers or special characters) and be at least five characters long.

After all of the required data are specified, tap "Continue". After that the certificate is packed and protected by the specified password. The resulting *.pfx file of the certificate is saved in /platform_folder/config/certificates of the trading platform to enable its further transfer. Certificate files are named according to the following rule: Login_ID_Name.pfx, where:

  • Login is the account number;
  • ID is a short name of the company the account was opened in;
  • Name is the name of a client specified when creating the account.

  • Even having access to the *.pfx file, the certificate cannot be used without the password.
  • Certificates are generated only during the first account connection or when a certificate is intentionally reset on the server.

In order to use the certificate in the MetaTrader 5 for iPhone, you should transfer it to the mobile platform.

Certificate Transfer Procedure

A certificate can be securely transferred via a trade server:

  • The certificate is first encrypted on the desktop platform: the account owner sets the password for certificate encryption using the secure AES-256 algorithm. This password is known only to the user and is not sent to the server.
  • Further, the encrypted certificate is sent to the trade server, where it will be stored until it is received through the mobile platform, but no more than one hour.
  • To receive the certificate on a mobile device, the user must connect to the trading account from the mobile platform. After connecting, the user is prompted to import the certificate. To proceed with the import, the user needs to specify the password that was used for the certificate encryption on the desktop platform.

The certificate transfer process is secure: the trade server is only used as an intermediate storage, while the certificate is encrypted on the user's side. The certificate password is not transmitted to or stored on the trade server.
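The transfer procedure above, sketched as an added example (not MetaTrader code and not part of the original page): the desktop encrypts locally, the relay holds an opaque blob for at most one hour, and the phone decrypts with the same password. The page specifies only AES-256; PBKDF2-HMAC-SHA256, GCM mode, the blob layout, single-use retrieval and every name below are assumptions.

```ruby
require "openssl"
require "securerandom"

# Assumed parameters: the page names only AES-256 and the one-hour limit.
ITERATIONS  = 200_000
TTL_SECONDS = 3600 # page: stored "no more than one hour"

def derive_key(password, salt)
  OpenSSL::PKCS5.pbkdf2_hmac(password, salt, ITERATIONS, 32, OpenSSL::Digest.new("SHA256"))
end

# Desktop side: encrypt locally; only the returned blob is uploaded.
# Assumed layout: salt(16) || nonce(12) || tag(16) || ciphertext.
def seal_pfx(pfx_bytes, password)
  salt   = SecureRandom.random_bytes(16)
  nonce  = SecureRandom.random_bytes(12)
  cipher = OpenSSL::Cipher.new("aes-256-gcm").encrypt
  cipher.key = derive_key(password, salt)
  cipher.iv  = nonce
  sealed = cipher.update(pfx_bytes) + cipher.final
  salt + nonce + cipher.auth_tag + sealed
end

# Mobile side: returns the PFX bytes, or nil if the password is wrong
# or the blob was altered while stored (GCM tag check fails).
def open_pfx(blob, password)
  return nil if blob.bytesize < 45
  decipher = OpenSSL::Cipher.new("aes-256-gcm").decrypt
  decipher.key      = derive_key(password, blob.byteslice(0, 16))
  decipher.iv       = blob.byteslice(16, 12)
  decipher.auth_tag = blob.byteslice(28, 16)
  decipher.update(blob.byteslice(44, blob.bytesize)) + decipher.final
rescue OpenSSL::Cipher::CipherError
  nil
end

# Trade-server side: opaque storage only; it never receives the password.
class Relay
  def put(login, blob, now)
    (@slots ||= {})[login] = [blob, now]
  end

  # One retrieval, within one hour (single use is this sketch's assumption).
  def get(login, now)
    blob, stored_at = (@slots ||= {}).delete(login)
    blob if blob && now - stored_at <= TTL_SECONDS
  end
end
```

Under this model the only secret protecting a stored or intercepted blob is the transfer password, so its strength sets the cost of an offline guessing attempt.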

How to Transfer a Certificate

Connect to your account from the desktop platform and select "Transfer Certificate" in its context menu:

How to transfer a certificate to a mobile device

Enter the master password of the account to confirm that it is yours. Next, set a password to protect the certificate before sending it to the server, or use a random password that is generated automatically. Set a password that has at least 8 digits.

After successfully sending the certificate to the server, open the mobile platform and connect to the account. You will be immediately prompted to import the certificate. Confirm and enter the password that you have set from the desktop platform.

How to import a certificate to a mobile device

You can view the imported certificate in the "About – Certificates" section.

Importing a certificate from a PFX file

Another Transfer Option

You can transfer the certificate manually. Send a PFX file from your desktop computer to a mobile device in any preferred way, such as email, messenger, etc. Save it to the Files app on your device. Next, connect to your account in the mobile platform and tap "Import Certificate" in the dialog. Select the previously saved file and enter the certificate protection password.

Not Installed Certificates

When launching MetaTrader 5 iPhone, you will see the list of certificates to be installed or deleted (downloaded via iTunes). This list will appear every time you launch the application until you install or remove each of the certificates.

Certificate installation password

Certificate Installation

Tap on a certificate to install it. Enter the certificate password that was specified when obtaining the certificate via the desktop platform.

Tap "Done" to install the certificate. Now you can connect to your previously opened account in the extended authentication mode. The appropriate certificate will be checked during each connection.

Installed certificates are managed in the "Certificates" section of MetaTrader 5 iPhone settings.

Deleting certificate

If you have installed a wrong certificate via iTunes, delete it when launching MetaTrader 5 iPhone. To do this, tap "Edit" and then "Delete" on the left.

Invalid certificate

Installing a Certificate from the Brokerage Company

Real accounts (not demo ones) can be opened by a brokerage company. The extended authentication mode can also be used for such accounts.

In that case, the company submits a PFX certificate file together with the rest of the data necessary for authorization. This certificate must be installed via iTunes according to the instructions received in the desktop version of the platform.

No Certificate

If the extended authentication mode is used for an account but the appropriate certificate has not been installed, an error message will appear when you try to connect to your account.

Install the appropriate certificate following the instructions above to continue working with your account.