TLS encryption is the recommended method for closing the WAP gap that may exist with synchronization.
- Keys and certificates: By default, synchronization is automatically configured for end-to-end encryption (E2EE) and uses the HTTPS certificates for mutual authentication. The default configuration uses the default key and certificate pairs, which you must replace with production-ready ones. For example:
  - For E2EE with TLS, generate the E2EE private key and public key at the same time; the public key is provisioned to the device client.
  - For HTTPS with SSL, generate the HTTPS server identity certificate and server public certificate at the same time; the HTTPS public certificate is provisioned to the device client.
- Encryption protocols: You can choose the degree of security you require. Unwired Server can support multiple protocols.
The values the administrator defines must be coordinated with the developer.
- UltraLite/UltraLiteJ client dependency: E2EE depends on UltraLite synchronization clients. Therefore, you can use E2EE only with UltraLite on Windows Mobile and Android devices. While BlackBerry clients can use UltraLiteJ clients, UltraLiteJ does not support the definition of HTTPS public certificate file paths. To use TLS (but not E2EE) with BlackBerry, you must install the trusted certificates on the device before you configure TLS.
- Device configuration using templates: Administrators create an application template that contains initial configuration settings for the device application, including those required for E2EE. When a device client is registered and then onboarded, the encryption public key file and HTTPS public certificate file are provisioned wirelessly to the device. These artifacts can also be identified by the application developer as part of a synchronization profile.