Set up client-side certificates to secure synchronization between Microsoft IIS server and device clients in a Relay Server configuration. Two synchronization parameters support this feature: identity and identity_password.
Device clients cannot directly authenticate to Unwired Server using client-side certificates. The client-side certificates can be used only to authenticate to third-party servers and proxies that have been configured to accept client-side certificate authentication.
These synchronization parameters support client-side certificates:
- identity – identifies the file that contains the client's identity. An identity consists of the client certificate, the corresponding private key, and, optionally, the certificates of the intermediary certificate authorities. This parameter is equivalent to MobiLink server's 'identity' parameter.
- (Optional) identity_password – specifies the password used to encrypt the private key found in the identity file. identify_passwored is only required if the private key in the identity file is encrypted. This parameter is equivalent to MobiLink server's 'identity_password' parameter.
Note: Client-side authentication is not supported in UltraLiteJ (RIM Blackberry) devices.
To set up client-side authentication:
- Set up client authentication for the Virtual Directory/Web Extension that contains the rs_client.dll. Request client-side certificates only for connections to the rs_client.dll. There should be no request for client-side certificates on the rs_server.dll because this is a server connection.
- Copy the client-side certificate, generated by the Certificate Manager, to the client device.
- If everything is configured correctly with IIS, then specifying identity on the MobiLink client connection parameter should work.