Importing an X.509 Certificate to an iOS Client from the SAP Mobile Server

Log in to SAP Mobile Server and authenticate a client using a generated X.509 certificate instead of a user name and password combination.

  1. Copy the X.509 certificate used for authentication into a directory on the same host as the SAP Mobile Server. For example, c:\certs.
  2. Create a registry string value on the SAP Mobile Server at HKLM\Software\Sybase\Sybase Messaging Server\CertificateLocation and populate it with the path. For example, c:\certs.
  3. Name the X.509 certificate file as domain_user.p12, where domain is the SAP Mobile Server domain and user is the certificate user. The user must have read permission for .p12 file.
  4. The system administrator must ensure the specified domain\user has “logon as batch job” permission on the Windows machine on which the SAP Mobile Server runs:
    1. Double-click Control Panel > Administrative Tools > Local Security Policies.
    2. Expand Local Policies and select User Rights Assignment.
    3. Right-click Log on as a batch job and select Properties.
    4. Select Add User or Group and add the domain\user.
  5. The account under which the SAP Mobile Server runs must have adequate permissions to impersonate the domain\user. For example, the Administrator account for the domain.
  6. Include code that imports the certificate from the SAP Mobile Server, and sets up the login credentials for the package.
    // Import certificate from server
    SUPLoginCertificate *lc = [cs getSignedCertificateFromServer:@"<ServerName>\\ssotest" withServerPassword:@"s1s2o3T4" withCertPassword:@"password"];
    [[LogInfo sharedInstance] testPassed:@"SAPSSOCertTest" :@"GetCertificateFromServer"];
    NSLog(@"Imported certificate from server: subjectCN = %@",lc.subjectCN);
    
    // Attach certificate to sync profile
    sp.certificate = lc;
    [lc release];
    
    while ([SUPApplication connectionStatus] != SUPConnectionStatus_CONNECTED) {
      NSLog(@"waiting to connect...");
      sleep(2);
    }
    
  7. Perform a database subscribe and synchronize as appropriate.