Hi all,

We are trying to upgrade our Mobilink 16 server to Mobilink 17 with HTTPS, but i can not find any proper documentation about certificate creation. The old HTTPS certificate is incorrect for the version 17. So anybody know a link about certificate creation or is there a step by step tutorial somewhere? We are using android clients with UltraliteJ and on server side Mobilink 17. For certificate creation i tried createcert.exe(Every time i get an error during synchronization from client).

Best regards: Kornel Veres

asked 05 Dec '18, 08:00

Kornel86's gravatar image

Kornel86
11113
accept rate: 100%

1

It would be helpful to know the error that you are getting.

I would review the SA 17 new features section "Strong encryption now achieved using OpenSSL" found at this link.

(05 Dec '18, 08:56) Chris Keating

Hi Chris,

All the time i get this message E. 2018-12-05 15:10:06. <1> [-10117] Stream Error: The TLS handshake failed, error code 0x140890c7

I am 95% sure that i generate the client certificate wrong but i can not find out what am i missing or what is the proper way for the creation.

On the server i use createcert.exe to create a selfsigned root certificate. During generation i select 'N' for Certificate Authority and 1,3,4,5,6 options for Key usage. At the end i get a certificate with private key and identity.

-------------Mobilink Server---------------
In Mobilink config i use these certificates:
-v+
-zu+
-zs mlsrv_lead_sfa_ml
-c  "DSN=TEST;uid=test;pwd=testpw;StaticCursorLongColBuffLen=2100000"
-cinit 1g
-cmin 1g
-w 50
-wm 100
-x https(port=121;Identity=C:\Certificates\New\c\root.id;Identity_Password=testpw;trusted_certificate=C:\Certificates\New\c\root.crt)
-o C:\Mobilink\log\lead_sfa_ml.mls
-os 25m
-et C:\Mobilink\log\lead_sfa_ml_error.mls
-sl dnet(-MLAutoLoadPath=C:\Mobilink\assemblies\dotnet -clrVersion=v4.0.30319)

----------Client side--------------
On client i use this root.crt during synchronization
SyncParms syncParms = this.sfadb._conn.createSyncParms(SyncParms.HTTPS_STREAM, this.sfadb._username,pubName);

if (syncObserver != null)
{
    syncParms.setSyncObserver(syncObserver);
}

StreamHTTPSParms streamParms = (StreamHTTPSParms) syncParms.getStreamParms();
streamParms.setHost(this.sfadb._host);
streamParms.setPort(this.sfadb._port);

File externalStorageDirectory = Environment.getExternalStorageDirectory();
File f = new File(externalStorageDirectory, "Certificate/root.crt");
if (f.exists())
{
    streamParms.setTrustedCertificates(f.toString());
}

Maybe i need to create a root self signed certificate with 5,6 key options and Certificate Authority with Y. Then create another certificate for server and client and sign with the root certificate?

Br.: Kornel

(05 Dec '18, 09:30) Kornel86

I fixed the problem after reading Chris documentation although the documentation is not correct.

I created a root certificate with 6,7 key option then i used this certificate for signing the server certificate which was created 1,3,4,5 key options. Then i used the server identity for mobilink server configuration without trusted_certificate parameter. On client side i used the above linked code but i needed to set the followings:
streamParms.setCertificateCompany("LSH"); streamParms.setCertificateName("LSH"); streamParms.setCertificateUnit("Development");

Without these, you can not use HTTPS connection with custom certification because on the server side you can not use skip_certificate_name_check parameter. If you try to use it you will get an error. Since Mobilink 17 you need to set these values because if this option is set to OFF, and if none of the certificate_name, certificate_company, or certificate_unit protocol options are set, then the host name of the database server must match the host name of the database server certificate. In Mobilink 16 these check was disabled automatically if none of the parameters were set.

Thank you for all your help.

Br.: Kornel

permanent link

answered 06 Dec '18, 05:35

Kornel86's gravatar image

Kornel86
11113
accept rate: 100%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×243
×24

question asked: 05 Dec '18, 08:00

question was seen: 1,410 times

last updated: 07 Jan '19, 14:59