
SUP Server and Relay Server scenario in Https


Hello,

We are running a SUP Server 2.1.3 in production with a Relay Server. Right now all communications are in HTTP, but we are looking at a new scenario in which client devices should connect to the Relay Server in HTTPS while leaving all communication between RS and SUP Server in HTTP.

So the to-be setup should consist of the following 2 scenarios:

A: Device client <-> HTTP <-> Relay Server <-> HTTP <-> SUP Server

B: Device client <-> HTTPS <-> Relay Server <-> HTTP <-> SUP Server

I want to be sure that:

1. Outbound enablers already configured in HTTP should not be modified (otherwise we would have an impact on the previous scenario A)

2. The Relay Server web server should be configured for HTTPS by importing certificates on the server

3. SUP Server doesn't need any modification?

4. Clients need to import certificates to access RS in HTTPS?

Thank you in advance for any helpful suggestion.

Regards,

Lorenzo

Accepted Solutions (1)


Hi Lorenzo,

In 2.1.3, you can have HTTPS (Single) between the client (device) and the Relay Server. Relay Server to SUP Server will be HTTP only (same configuration, no change), which means the outbound enablers don't need any changes (also no change in the backend security option on the Relay Server for your Farm).

You can also make your Relay Server to SUP Server leg HTTPS (Single), and for this you would need to change your Outbound Enabler setting. You would need to import the CA cert of your Relay Server into the Outbound Enabler's trusted certificate list and then start it again. For this, on the Relay Server, if you have defined backend_security=off then either turn it to on or disable it so that you can use it for both HTTP and HTTPS (Single).

To enable HTTPS on the Relay Server, you need to apply a valid server certificate on the HTTPS port of the Relay Server, and if for your Farm you are using client_security=off then set it to on, or you can also comment it out so that it will work for both HTTPS and HTTP device connections.

Yes, you need to import the CA cert of your Relay Server certificate in order to trust the Relay Server cert on your device.

Regards,

Abhishek Joshi
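
The effect of the client_security and backend_security settings described in this answer, as an added example that is not part of the original post and not SAP's code: a small audit that reports which protocols each farm accepts on the device leg and on the Outbound Enabler leg. The rs.config layout (repeated [backend_farm] sections, "key = value" lines, "#" comments), the host name and the farm ids are assumptions made for the sample.

```python
# Assumed rs.config layout: repeated [backend_farm] sections, "key = value"
# lines, "#" comments. Host name and farm ids are constructed sample data.
SAMPLE_CONFIG = """\
[relay_server]
host = rs.example.internal
[backend_farm]
id = SUP_farm_A
client_security = off
backend_security = off
[backend_farm]
id = SUP_farm_B
# client_security = off   (commented out: devices may use HTTP or HTTPS)
backend_security = off
[backend_farm]
id = SUP_farm_C
client_security = on
"""

def allowed(value):
    """Map a security setting to the protocols that leg accepts."""
    if value is None:                      # setting absent or commented out
        return {"http", "https"}
    return {"https"} if value.strip().lower() == "on" else {"http"}

def parse_farms(text):
    """Return {farm_id: settings} for every [backend_farm] section."""
    farms, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments and blanks
        if not line:
            continue
        if line.startswith("["):               # new section starts
            current = {} if line.lower() == "[backend_farm]" else None
        elif current is not None and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            current[key.lower()] = value
            if key.lower() == "id":
                farms[value] = current
    return farms

def audit(text):
    """Per farm: protocols accepted on the device leg and the RSOE leg."""
    return {fid: {"client": allowed(s.get("client_security")),
                  "backend": allowed(s.get("backend_security"))}
            for fid, s in parse_farms(text).items()}

def cleartext_client_farms(text):
    """Farms where a device can still reach the Relay Server over plain HTTP."""
    return sorted(f for f, legs in audit(text).items() if "http" in legs["client"])
```

SUP_farm_B is the mixed case from the question: scenario A and scenario B devices both connect, and the Outbound Enabler leg stays on HTTP.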


Hello Abhishek,

Thank you very much for your reply. A few more questions:

On devices, should I import the public key of the RS certificate or should we plan to generate a different certificate for each device?

Is it the same for Android devices as well as iOS?

I couldn't find any documentation available (infocenter and SCN docs+blogs) explaining this scenario; can you suggest where to look?

I really appreciate your support.

Thank you,

Lorenzo


Hi Lorenzo,

You can import the CA cert of your Relay Server on each device (iOS and Android) as it's common. The device will receive the certificate of the Relay Server and check whether it's trusted or not, and once you import the CA of your Relay Server cert, it will be trusted and accepted on the device.

Regards,

Abhishek Joshi


Hi Lorenzo,

If you have any other open doubts/problems then please let me know.

Regards,

Abhishek Joshi

Abhi

Hi Abhishek & Lorenzo

Thanks for the interesting post!!

I wanted to explore a bit more how the Relay Server cert will be applied to the devices.

Hi Abhishek, let's imagine 2 scenarios where the Relay Server cert is

a) A self-signed cert. This could be generated in-house

b) A cert received from external well-known CAs like Verisign, for example.

1. Just wondering, under a) & b), what will be the process of applying the cert onto devices? Is it the same or is there a difference?

2. Under a) & b), how is the cert actually applied to the various devices? Can this be automated if there are a lot of devices (say 500)?

Thanks & Rgds

Abhishek


Hi Abhishek,

In the case of an external well-known CA, the CA would already be available in your device certificates. You can check which certificates are already trusted by your device in settings.

For a self-signed cert, you need to import the cert into the truststore of all the devices.

In order to import the cert automatically into the truststore of devices, you can use Afaria services.

Regards,

Abhishek Joshi


Hi Abhishek,

Could you suggest any source of documentation about the scenarios discussed here, so that I can go deeper into the subject?

Thanks again for your support.

Regards,

Lorenzo


Hi Lorenzo,

You can check the link below for how to do HTTPS (import the CA certificate of the Relay Server) on the RSOE side.

http://infocenter.sybase.com/help/topic/com.sybase.infocenter.dc01092.0213/doc/html/aba1297786767483...

I couldn't find any doc on the client side part but I can tell you that this is how it's going to work.

Regards,

Abhishek Joshi
