Provisioning the Unwired Server Public Key

(Applies only to Online Data Proxy) Retrieve the public key of the Unwired Server to populate its value in the provisioning file.

During startup, the server verification key is stored in a text file called ServerVerificationKey.txt in <UnwiredPlatform_InstallDir>/Servers/MessagingServer. It is created only at messaging service startup, so the messaging service must be started at least once to see this file. The data in this file is the Base64 encoded server verification key and should be used as the value for the serververificationkey= key.

To ensure proper security for application clients on the iOS, Android and Blackberry platforms, pre-provision the Unwired Server public key:

1. Perform onboarding of devices securely from within the ‘intranet’ in the corporate firewall by directly providing the connection details for the relay server (RS) which is present in the DMZ.

   Network traffic from the device to DMZ Relay server is not routed through the public internet because typically there is an outbound port opened between the corporate network and the DMZ network to enable a secure communication. There is no forward proxy setting involved.

   Sybase Unwired Platform persists the public key obtained during onboarding from the trusted intranet connection as the verification key, and validates subsequent requests against this verification key. This key is never exchanged or reset even if the devices are in public networks.

2. To onboard with a different Unwired Server, the application explicitly must use the clear or reset APIs to clear the verification key, as described in Developer Guide: OData SDK. Alternatively, end users can uninstall and re-install the application.

Another option is for applications to pre-provision the Unwired Server public key securely onto the device before onboarding from a public network. See System Administration > Device Provisioning > Application Provisioning > Provisioning an Application Using a File.