Importing an X.509 Certificate to an iOS Client from the Unwired Server

Log in to Unwired Server and authenticate a client using a generated X.509 certificate instead of a user name and password combination.

1. Copy the X.509 certificate used for authentication into a directory on the same host as Unwired Server. For example, c:\certs.
2. Create a registry string value on Unwired Server at HKLM\Software\Sybase\Sybase Messaging Server\CertificateLocation and populate it with the path. For example, c:\certs.
3. Name the X.509 certificate file as domain_user.p12, where domain is the Unwired Server domain and user is the certificate user. The user must have read permission for .p12 file.
4. The system administrator must ensure the specified domain\user has “logon as batch job” permission on the Windows machine on which Unwired Server runs:
   1. Double-click Control Panel > Administrative Tools > Local Security Policies.
   2. Expand Local Policies and select User Rights Assignment.
   3. Right-click Log on as a batch job and select Properties.
   4. Select Add User or Group and add the domain\user.
5. The account under which Unwired Server runs must have adequate permissions to impersonate the domain\user. For example, the Administrator account for the domain.
6. Include code that imports the certificate from Unwired Server, and sets up the login credentials for the package.

   // Import certificate from server
   SUPLoginCertificate *lc = [cs getSignedCertificateFromServer:@"<ServerName>\\ssotest" withServerPassword:@"s1s2o3T4" withCertPassword:@"password"];
   [[LogInfo sharedInstance] testPassed:@"SAPSSOCertTest" :@"GetCertificateFromServer"];
   NSLog(@"Imported certificate from server: subjectCN = %@",lc.subjectCN);
   
   // Attach certificate to sync profile
   sp.certificate = lc;
   [lc release];
   
   while ([SUPApplication connectionStatus] != SUPConnectionStatus_CONNECTED) {
     NSLog(@"waiting to connect...");
     sleep(2);
   }
   

7. Perform a database subscribe and synchronize as appropriate.