on 09-02-2013 11:03 AM
Hi everybody,
we are stuck with a synchronization issue via relay server /HTTPS in SUP 2.2.4 .
We have developed a Native application both for Android and iOS devices and configured the Unwired Server / relay server to use HTTPS.
While on the android device everthing is fine with iOS we have certificate errors
STEPS:
IOS: we get error 207 (No trusted root certificates were provided) if we don't set the trusted_certificates property in SCC and 41 (Error reading from the trusted certificate file '%1') if we set any value. The only to have the synchronization work is to import the certificate in XCODE and set the trusted_certificate to point the file on the project.
As a side note, SAP Retail Execution for android is working fine.
Any clue? Is it possible to synchronize in iOS vithout importing the certificate in the application, as we do in Android?
Thank you very much,
Hi Francesco,
Yes, iOS is very strict with its certificate management and hence you need to be extra sure about the CA certificates and authentication .
I could help you solve this if you could clarify me on certain points in this context.
1. Are you trying to set up a single SSL ( 8001 port) or mutual SSL ( 8002 port)
2. If the relay server is set up to work for https, has the relay server been enabled for mutual ( if required)
default mode would be single SSL if it is selected with the 443 port.
3. When the relay server is used between your client and SUP Server, the first level of authentication
will be made between your client and the relay server. Hence, you will have to add the CA/ root certificate of the relay server to the trust store of the device . But, I have verified the SSl with relayserver
only from 233 onwards where we have a provision to import the certificates to the relayserver configurations through SCC.
As the first step , you can try to configure the server for mutual SSL and establish a HTTPS channel between SUP server and the device by using 8001 port ( Single) or setting up mutual SSL.
Once this is done, you will have to import the root certificate to the trust store of SUP server.
Generate a p12 certificate ( signed by the same CA as the root certificate) and use this as the
client certificate in case of mutual SSL. Also, it is very important not to forget adding the CA certificate to the trust store of your device. It should show up under your device-> general-> profiles
Now, you are good to go and the secure channel would be established.
Best Regards,
Sharvari
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
thank you very much for your reply.
The landscape is a little bit different:
SUP (2.2.4) -> HTTP -> Relay server -> HTTP -> Tmg -> HTTPS (443, VeriSign) -> devices
As I mentioned before, the iOS app is synchronizing fine but we had to manually import the signed certificate in the XCODE project.
Anyway, as you said, the last 2.3.3 should fix the problem, as the official changelog says:
PROBLEM: Server does not support download end-
to-end encryption certificate to iOS SUP
client; and iOS client does not support use
server downloaded certificates for Ultralite
synchronization. SOLUTION: Fixed.
Thank you again,
User | Count |
---|---|
85 | |
10 | |
10 | |
9 | |
6 | |
6 | |
6 | |
5 | |
4 | |
3 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.