cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

IOS synchronizatiion using HTTPS

Go to solution
Former Member

on ‎09-02-2013 11:03 AM

0 Kudos

Hi everybody,

we are stuck with a synchronization issue via relay server /HTTPS in SUP 2.2.4 .

We have developed a Native application both for Android and iOS devices and configured the Unwired Server / relay server to use HTTPS.

While on the android device everthing is fine with iOS we have certificate errors

STEPS:

  • Import the certificate on the device (every certificate in the certificate chain)
  • Configure the connection template in SCC
  • Register the application to the unwired server (everthing is fine both in IOS and Android)
  • Synchronize using the settings pushed by the unwired server.

IOS: we get error 207 (No trusted root certificates were provided) if we don't set the trusted_certificates property in SCC and 41 (Error reading from the trusted certificate file '%1') if we set any value. The only to have the synchronization work is to import the certificate in XCODE and set the trusted_certificate to point the file on the project.

As a side note, SAP Retail Execution for android is working fine.

Any clue? Is it possible to synchronize in iOS vithout importing the certificate in the application, as we do in Android?

Thank you very much,

Show replies
Show replies
Answer

Accepted Solutions (1)

Accepted Solutions (1)

former_member223308
Explorer
‎11-08-2013 2:41 AM
0 Kudos

Hi Francesco,

Yes, iOS is very strict with its certificate management and hence you need to be extra sure about the CA certificates and authentication .

I could help you solve this if you could clarify me on certain points in this context.

1. Are you trying to set up a single SSL ( 8001 port) or mutual SSL ( 8002 port)

2. If the relay server is set up to work for https, has the relay server been enabled for mutual ( if required)

     default mode would be single SSL if it is selected with the 443 port.

3. When the relay server is used between your client and SUP Server, the first level of authentication

    will be made between your client and the relay server. Hence, you will have to add the CA/ root        certificate of the relay server to the trust store of the device . But, I have verified the SSl with relayserver

only from 233 onwards where we have a provision to import the certificates to the relayserver configurations through SCC.

As the first step , you can try to configure the server for mutual SSL and establish a HTTPS channel between SUP server and the device by using 8001 port ( Single) or setting up mutual SSL.

Once this is done, you will have to import the root certificate to the trust store of SUP server.

Generate a p12 certificate ( signed by the same CA as the root certificate) and use this as the

client certificate in case of mutual SSL. Also, it is very important not to forget adding the CA certificate to the trust store of your device. It should show up under your device-> general-> profiles

Now, you are good to go and the secure channel would be established.

Best Regards,

Sharvari

Show replies
Show replies
Former Member
‎11-08-2013 8:46 AM
0 Kudos

Hi,

thank you very much for your reply.

The landscape is a little bit different:

SUP (2.2.4) -> HTTP -> Relay server -> HTTP -> Tmg -> HTTPS (443, VeriSign) -> devices

As I mentioned before, the iOS app is synchronizing fine but we had to manually import the signed certificate in the XCODE project.

Anyway, as you said, the last 2.3.3 should fix the problem, as the official changelog says:

PROBLEM: Server does not support download end-

                          to-end encryption certificate to iOS SUP

                          client; and iOS client does not support use

                          server downloaded certificates for Ultralite

                          synchronization.   SOLUTION: Fixed.

Thank you again,

Answers (0)

Ask a Question