Data Synchronizer Mobility Connector SSL Issues
Welcome to the Novell Data Synchronizer Mobility Connector Wiki
As we prepare for beta, we are testing various SSL Certificates and CAs for use with popular devices. Please feel free to add your experiences in any of these pages.
General SSL Issues
While the Data Synchronizer Mobility Connector has the facility to create a self-signed SSL certificate, you will find that many devices will either not work well (i.e., will require continual user intervention to accept the certificate), or not work at all (i.e., will require a trusted certificate or not connect). The Data Synchronizer Mobility Connector Devices page contains tables for many devices that describe how they work with the Mobility Connector. There is an "SSL Issues" row in each of these tables that can be used to document how various devices interact with various certificates. Please feel free to add information that you discover to those tables.
Conflicting certificates on the phone
If you have been connected to a mobility server with a self-signed certificate and want to connect to another server, or if you've re-installed your mobility server, you might find that the phone is unable to permanently store the certificate of the server. In this situation, make sure you delete the old certificate from your phone, as it might prevent the new certificate from being imported.
Installing an SSL Certificate
If you will not be using the self-signed certificate generated by the Mobility Connector, here are a few important things to note:
- When you request your certificate, ask for it in PEM format, containing both the private key and the certificate.
- If you have two files, such as .crt and .key or similar, you can combine the files together in the following format:
    -----BEGIN RSA PRIVATE KEY-----
    random stuff
    -----END RSA PRIVATE KEY-----
    -----BEGIN CERTIFICATE-----
    random stuff
    -----END CERTIFICATE-----
- If the device you are testing does not recognize the CA of your certificate, and can import the CA, you can try to create a DER file of the root certificate bundle and install it on the device. One way to do this is to put it on a web server and browse to it from the device. Then follow the device instructions for adding the certificate to the trusted root store on the device.
- These instructions are very generic at this point. We ask that as you develop specific procedures for devices you are testing, you add those procedures to the device list at Data Synchronizer Mobility Connector Devices.
Problems with various certificates
Problems have been reported with some certificates. If you have other certificates that are not working with devices, or if you have found fixes for the issues listed below, please add your experiences here.
- Some devices will not recognize the Comodo CA as trusted.
- DigiCert certificates work great. Just be sure, like with other SSL Certificate providers, that you configure the server to send the intermediate certificates needed to chain up to the trusted root.
- GoDaddy wildcard certificate: Create a "wildcard.pem" by concatenating "Private Key" + "Wildcard Certificate" + "gd_bundle.crt" (https://certs.godaddy.com/anonymous/repository.seam). Copy this wildcard.pem to /var/lib/datasync/device/mobility.pem and /var/lib/datasync/webadmin/server.pem (retain the mobility.pem and server.pem names for ease of use). Remember to back up the original files before overwriting them. Then run 'rcdatasync restart'. Tests fine with HTC Hero.
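The key + certificate + bundle concatenation described under "Installing an SSL Certificate" and in the GoDaddy entry can be checked before the result is copied into place. The script below is an added example, not part of the original wiki or of the Mobility Connector itself; it assumes the openssl command-line tool is installed and that the bundle file holds the intermediate and root certificates, and the function names build_pem and root_to_der are hypothetical.

```shell
#!/bin/sh
# Added example (not from the wiki): check that key, certificate and CA bundle
# belong together, then write the combined PEM in the order the page gives.
# Assumption: the bundle file holds the intermediates and the root.

# build_pem KEY CERT BUNDLE OUT
build_pem() {
    key=$1; cert=$2; bundle=$3; out=$4

    # Public key derived from the private key. "-passin pass:" makes an
    # encrypted key fail here instead of prompting for a passphrase.
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || {
        echo "cannot read private key: $key" >&2; return 1; }

    # Public key embedded in the server certificate.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || {
        echo "cannot read certificate: $cert" >&2; return 1; }

    # A key from a different request makes the TLS handshake fail on every
    # device, so stop before anything is written.
    if [ "$key_pub" != "$cert_pub" ]; then
        echo "private key does not match certificate" >&2; return 2
    fi

    # The certificate must chain to a root; the bundle supplies the CA
    # certificates that the server will later send to devices.
    if ! openssl verify -CAfile "$bundle" "$cert" >/dev/null 2>&1; then
        echo "certificate does not chain to a root in $bundle" >&2; return 3
    fi

    # awk 1 ends every input file with a newline so PEM markers never fuse.
    # umask 077 keeps the key-bearing file readable by its owner only.
    ( umask 077; awk 1 "$key" "$cert" "$bundle" > "$out.tmp" ) &&
        mv "$out.tmp" "$out"
}

# root_to_der ROOT_PEM OUT_DER: DER copy of a root certificate, for devices
# that can import a CA into their trusted root store.
root_to_der() { openssl x509 -in "$1" -outform DER -out "$2"; }

# Command-line use: sh build_pem.sh server.key server.crt gd_bundle.crt wildcard.pem
if [ "$#" -eq 4 ]; then build_pem "$@"; fi
```

Run it against the files received from the CA, then copy the output over mobility.pem and server.pem as described above, after backing up the originals.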