cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How to import certificate chain to ipad

former_member404345
Explorer

on ‎09-19-2014 9:52 AM

0 Kudos

Hi Experts,

We are on BI4.1 SP3, with SSL and sso enabled in the BI platform. We are now planed to implement mobile server. Devices to connect to BI mobile are iPad and iPhones.

I have configured mobile server. When run the link http://servername:port/MobileBIService/MessageHandlerServlet?message=GetVersion

I can get the result: the xml with the correct version no.

But when import the configured connection from iPad, and imported all certificate. we still get below error

As we have certificate chains, as below.

How should be import the certificate to iPad. should we import one by one or shoud import all certificates at once

Thanks,

Youqin

Show replies
Show replies
Answer

Accepted Solutions (0)

Answers (2)

Answers (2)

Former Member
‎10-17-2014 11:02 AM
0 Kudos

Sorry to hijack this message, but did this ever get resolved?

I am having similar problems and have the root, intermediate and final certificates all on my device (all with the trusted sign) however I am still getting the error.

Thanks

Show replies
Show replies
former_member404345
Explorer
‎10-17-2014 12:17 PM
0 Kudos

Hi Davis,

The problem is still there.

Have you done what Atul advised? if your problem is solved, could you let me know how do you solve the issue.

Thanks,

Former Member
‎10-17-2014 12:24 PM
0 Kudos

Hi,

I am afriad I have done what Atul suggested and I can see the root certificate on the device and it is trusted however the App still presents the error. Likewise, I can browse to the BI launchpad with Safari and get no certificate errors.

I have a ticket open with SAP but so far haven't had a resolution.

Thanks

former_member404345
Explorer
‎11-06-2014 8:44 AM
0 Kudos

Hi Davis,

Have you solved the problem?

Thanks,

Youqin

Former Member
‎11-06-2014 8:52 AM
0 Kudos

I am afraid I still haven't. I have an open ticket with SAP and this is the latest message of theirs

HTTP Strict Transport Security (HSTS) hosts should declare HSTS policy

at their top-level domain name.

For example, an HSTS host at https://sub.example.com should also

answer with the HSTS header at https://example.com

In addition to HSTS deployment, a host for https://www.example.com

should include a request to a resource from https://example.com to

make sure that HSTS for the parent domain is set and protects the user.

FYI

http://tools.ietf.org/html/rfc6797#section-12.4

Check [Page 34]

RFC 6797  HTTP Strict Transport Security (HSTS) November 2012

With the above information you will appreciate that the SAP BI Mobile

App will never trust xx.mydomain.com on its own as long as it has

different certicate chain as mydomain.com

If you are not willing or able to perform the above steps, consider

the already known workaround of trusting your domain manually on iPads

(the security exception "red" page in the app).



former_member404345
Explorer
‎11-06-2014 9:02 AM
0 Kudos

Thanks Davis, Once I opened a ticket to SAP support. They said certificate issue is out of their scope. I will open a ticket, and let's what they say.

ashutosh_rastogi
Active Contributor
‎09-19-2014 10:01 AM
0 Kudos

Hi Youqin,

Following blog should help you

Regards,

Ashutosh

Show replies
Show replies
former_member404345
Explorer
‎09-19-2014 10:11 AM
0 Kudos

Hi Ashutosh,

Thanks for the quick reply. I've used security expection method, and it worked fine for us.

The concern for me is the certificates. as I mentioned in my original post, we have a certificate chain. how we gonna install all these certificates. Should we export certificate one by one from server, then install the certificates in iPad? when installing the certificates, do certificates have orders e.g. need to install parent cert first then child cert?

I tried to user .P7B cert type, but this cert type is not recognized in iPad.

Could you please advise on this.

Thanks,

Youqin

ashutosh_rastogi
Active Contributor
‎09-19-2014 10:22 AM
0 Kudos

Hi Youqin,

If your top most certificate is not trusted by IOS (For the list of Certificate Authorities trusted by iOS, refer to-> http://support.apple.com/kb/ht5012). Then, you need to install all the certificates in the chain. Your IT team can help you on how to achieve that.


Alternatively, get your current servers signed by a CA trusted by iOS


Hope that helps.


Regards,

Ashutosh

former_member404345
Explorer
‎09-23-2014 9:28 AM
0 Kudos

Hi Ashutosh,

Thanks for you reply. I've tried to install all the certificates in the chain to iPad, but it seemed didnot worked for us.

Thanks

Youqin

Former Member
‎09-23-2014 9:40 AM
0 Kudos

Hi Youqin,

Please check

The CAs of your server certificates are trusted by iOS (such as Verisign, Thawte and others listed at http://support.apple.com/kb/ht5012 )

Alternatively, the root certificate of your server is installed on the client device (iPhone or iPad) as a profile, so that when the connection to server is added in the application, the device can verify the server certificate.

If both are good to go, check if you are able to see certificates under the profiles on your IPAD.

Once that is done, you will get a trusted sign on them.

Regards,
Atul B

Ask a Question