We're having issues getting sync to work over HTTPS.

We found a post that referenced a sybase blog post that no longer exists, but managed to dig it up via the WaybackMachine:

http://web.archive.org/web/20121125213146/http://iablog.sybase.com/mobiledatabase/2011/07/https-synchronization-on-android-handling-certificates/

We've tried using this - but we always get an exception:

com.ianywhere.ultralitejni12.implementation.JniException: UltraLiteJ Error[-1305]: MobiLink communication error -- code: 24, parameter: , system code: 336134278

(code 24 is SECURE_CERTIFICATE_NOT_TRUSTED)

Is there more to it than simply using streamParams.setTrustedCertificates(/path/to/my_cert.pem) ? Do we need to create a BKS for the app? The blog post I've referenced above doesn't seem to indicate this is necessary..

Any help would be much appreciated!

asked 06 Mar '14, 10:55

technomatt's gravatar image

technomatt
66248
accept rate: 0%


It's a long time since I wrote that post, so my memory is fuzzy (but it certainly did work at the time). You don't need to create a BKS for the app because the scenario unpacks the public certificate and stores it in the file system, and then the setTrustedCertificates reads it from the file system.

The things to check, if you are trying to reproduce the post, are:

  • Have you started the ML server using the self-signed certificate?
  • Have you unpacked the client-side cert into the file system?
  • I seem to recall an issue that the "root" of the file path is not obvious (there is a mismatch in "/data" somewhere). Are you sure you are accessing the certificate properly?

If you want to eliminate sources of error, I would recommend using the SYNCHRONIZE statement in ISQL and synchronizing from the desktop. If you use trusted_certificate and get a successful sync, you know that the certificates are compatible.

To some extent, it's an atypical scenario as you would be more likely to have a server-side certificate that is in a chain to some certificate authority (instead of a self-signed cert) and you would use a client-side cert in the device's certificate store that knows about that authority.

permanent link

answered 06 Mar '14, 12:16

Tom%20Slee's gravatar image

Tom Slee
1.2k21429
accept rate: 29%

edited 06 Mar '14, 15:57

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×60
×12

question asked: 06 Mar '14, 10:55

question was seen: 685 times

last updated: 06 Mar '14, 15:57