If you are using HTTPS to connect to your SAP BusinessObjects Mobile server, the SAP BI mobile application allows connections to only trusted servers. For the application to establish successful connections to a server, it is essential that:
Your server is trusted. This includes the following aspects:
- The server certificate must have been obtained from a Certificate Authority (CA)
o The CAs of your server certificates are trusted by iOS (such as Verisign, Thawte and others listed at http://support.apple.com/kb/ht5012 )
o Alternatively, the root certificate of your server is installed on the client device (iPhone or iPad) as a profile, so that when the connection to server is added in the application, the device can verify the server certificate.
If the above conditions are not met, and users tries to add a connection to the server, they encounter an error like this:
Connection to the server could not be established (MOB06031)
(HTTP-1202) Details: The certificate for this server is invalid. You might be connecting to a server that is pretending to be <server1.servers.xxcompany.com> which you could put your confidential information at risk.
If you are not using a root certificate that is preinstalled on user’s device (such as a root certificate created by your company), you can distribute it using one of the following ways:
- Using the Mobile Device Management tools
- Sending as an email attachment
- By hosting the root certificate on a server and sharing the link
For example, to retrieve the root certificate of a trusted server and to share it with other users, you can follow the below procedure:
- Open your browser Settings, and open the Certificates (depending on your browser, the Manage Certificates or Certificates option may appear in one of the tabs).
- In the Certificates window, access the Trusted Root Certification Authorities tab as shown in the figure below.
3. Select the trusted root certificate corresponding to your server, and choose Export. The Certificate Export wizard appears.
4. Follow the prompts to export the certificates
The certificate is saved on your machine. Attach the certificate in an email and send it to the required recipients. Alternatively, host the root certificate on a server and send the URL to the users.
When users receive the certificate on their iOS device, they get the Install option on tapping the file or the URL. Once installed, the certificate appears on the device as a profile, and users can confirm its installation using the following on their iPhone or iPad:
Temporarily, the SAP BusinessObjects Mobile application provides you with an option to bypass the verification of server certificate. However, this option should be used only in exceptional situations. We recommend you to install all the root certificates required for your servers on the device. Alternatively, get your current servers signed by a CA trusted by iOS. (For the list of Certificate Authorities trusted by iOS, refer to-> http://support.apple.com/kb/ht5012).
This temporary option will be removed from the application any time during the next release of the application.
To bypass the verification of server certificate and to establish connections to an uncertified server through the application, access Application Settings -> Additional Settings-> Security Exceptions, and add the names or the IP addresses (of the servers that you want to be ignored for verification) to the IGNORE SERVER TRUST CERTIFICATE field.