Complete the encryption of the replication-based synchronization, by verifying the setup of device clients. Typically, device clients are set up by development teams.
See the applicable device platform developer reference for details about how to establish a secure connection with or without Relay Server.
- Ensure the application code has been modified to use the HTTPS protocol, port, and stream parameters (with or without a relay server as is appropriate for your environment).
- If you use relay server, and followed the previous steps in the Encrypting Replication-Based Synchronization Connections task workflow, the application developer use these settings in the code to connect to the relay server's secure port. For example:
- Port – 443.
- Protocol – HTTPS (this is equivalent to the MobiLink stream type).
- Stream parameter –
"url_suffix=/ias_relay_server/client/rs_client.dll/[SUP_FARM_ID];tls_type=RSA;trusted_certificates=rsa_root.crt;identity=id_client.pem;identity_password=pwd;"
Note: The identity=id_client.pem;identity_password=pwd segments of the stream parameter are only required if you use a relay server HTTPS port (requires client certificate mutual authentication). This configuration allows the relay server to block denial-of-service attacks at the periphery of you network, should you require that degree of security.
- If you use Unwired Server in the DMZ or in a development environment, and followed the previous steps in the Encrypting Replication-Based Synchronization Connections task workflow, the application developer uses these settings in the code to connect the secure port:
- Unwired Server Port – 2481.
- Protocol – HTTPS (this is equivalent to the MobiLink Stream Type).
- Stream Parameter – trusted_certificates=mypublic_cert.crt
- Make the rsa_root.crt and id_client.pem available for the application on the device. They can be included in the application or deployed separately.