on 09-19-2014 9:52 AM
Hi Experts,
We are on BI4.1 SP3, with SSL and sso enabled in the BI platform. We are now planed to implement mobile server. Devices to connect to BI mobile are iPad and iPhones.
I have configured mobile server. When run the link http://servername:port/MobileBIService/MessageHandlerServlet?message=GetVersion
I can get the result: the xml with the correct version no.
But when import the configured connection from iPad, and imported all certificate. we still get below error
As we have certificate chains, as below.
How should be import the certificate to iPad. should we import one by one or shoud import all certificates at once
Thanks,
Youqin
Sorry to hijack this message, but did this ever get resolved?
I am having similar problems and have the root, intermediate and final certificates all on my device (all with the trusted sign) however I am still getting the error.
Thanks
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi,
I am afriad I have done what Atul suggested and I can see the root certificate on the device and it is trusted however the App still presents the error. Likewise, I can browse to the BI launchpad with Safari and get no certificate errors.
I have a ticket open with SAP but so far haven't had a resolution.
Thanks
I am afraid I still haven't. I have an open ticket with SAP and this is the latest message of theirs
HTTP Strict Transport Security (HSTS) hosts should declare HSTS policy
at their top-level domain name.
For example, an HSTS host at https://sub.example.com should also
answer with the HSTS header at https://example.com
In addition to HSTS deployment, a host for https://www.example.com
should include a request to a resource from https://example.com to
make sure that HSTS for the parent domain is set and protects the user.
FYI
http://tools.ietf.org/html/rfc6797#section-12.4
Check [Page 34]
RFC 6797 HTTP Strict Transport Security (HSTS) November 2012
With the above information you will appreciate that the SAP BI Mobile
App will never trust xx.mydomain.com on its own as long as it has
different certicate chain as mydomain.com
If you are not willing or able to perform the above steps, consider
the already known workaround of trusting your domain manually on iPads
(the security exception "red" page in the app).
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Ashutosh,
Thanks for the quick reply. I've used security expection method, and it worked fine for us.
The concern for me is the certificates. as I mentioned in my original post, we have a certificate chain. how we gonna install all these certificates. Should we export certificate one by one from server, then install the certificates in iPad? when installing the certificates, do certificates have orders e.g. need to install parent cert first then child cert?
I tried to user .P7B cert type, but this cert type is not recognized in iPad.
Could you please advise on this.
Thanks,
Youqin
Hi Youqin,
If your top most certificate is not trusted by IOS (For the list of Certificate Authorities trusted by iOS, refer to-> http://support.apple.com/kb/ht5012). Then, you need to install all the certificates in the chain. Your IT team can help you on how to achieve that.
Alternatively, get your current servers signed by a CA trusted by iOS
Hope that helps.
Regards,
Ashutosh
Hi Youqin,
Please check
The CAs of your server certificates are trusted by iOS (such as Verisign, Thawte and others listed at http://support.apple.com/kb/ht5012 )
Alternatively, the root certificate of your server is installed on the client device (iPhone or iPad) as a profile, so that when the connection to server is added in the application, the device can verify the server certificate.
If both are good to go, check if you are able to see certificates under the profiles on your IPAD.
Once that is done, you will get a trusted sign on them.
Regards,
Atul B
User | Count |
---|---|
86 | |
10 | |
10 | |
9 | |
7 | |
7 | |
6 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.