Novell Vibe app for iOS device fails to login

  • 7014758
  • 19-Mar-2014
  • 12-Aug-2019

Environment

Novell Vibe app for iOS , version 1.0.3

Situation

Why can't I login to my Vibe 3.4 site on SLES11 from my iOS iPhone device , using the Novell Vibe App for iOS ?

I get the error:

Error, the certificate for this server is invalid.  You might be connecting to a server that is pretending to be "<YourVibeServerHostName>" which could put your confidential information at risk ", OK.

When I press OK, nothing happens and I never login to Vibe.

Resolution

The certificate in use for the Vibe system on SLES11 is a self-signed certificate by default and currently iOS devices do not allow connecting to a Vibe system, via a self-signed certificate.

The options to resolve are :

1.  Purchase an SSL certificate from a trusted certificate authority to use in your Vibe system, after this you then can use the Novell Vibe 3.4 documentation to install the purchased certificate files for use in the Vibe system : 

          *** NOTE: Option # 1 is the best choice for maximum security ***

    https://www.novell.com/documentation/vibe34/vibe34_admin/data/bju0gr2.html

2.  If you do not want to purchase an SSL certificate (If you just want to use your server self-signed root CA certificate) and if you only have a few iOS devices, you could search on the internet for methods to describe the process of installing your current server self-signed root CA certificate into the iOS device or you could consider using the following procedure that worked for me to do this.

- -  With regard to the Vibe documentation web site listed above, I read over the section "Understanding How Vibe Handles Certificates"

- -  Started by doing the Steps 1 thru 3 and 4B in the section "Generating a Certificate Signing Request"

- -  Read over Section "Using the Certificate Signing Request to Generate a Self-Signed Certificate"

- -  Performed Steps 1 thru 9 in Section "Generating a Self-Signed Root Certificate File in iManager"

- -  Performed Steps 1 thru 14 in Section "Generating a Self-Signed Server Certificate File in iManager"

- -  Performed Steps 1 thru 8 in Section "Importing the Certificate Files into the Vibe Keystore"

- -  Performed Steps 1 thru 5 in Section "Replacing the Original Vibe Keystore File with Your Permanent Keystore File"

- -  Use an Apple utility to import and install your self-signed root CA certificate to your iOS device, then the issue described in this document will not be experienced.  This has been tested successfully with an Apple iPhone 5 with iOS 7.1 installed with the below Apple Utility.

   Note: There may be other utilities or methods to import and install an SSL Root CA certificate into your iOS device, but this worked for me during testing.

- -  Download the Apple iPhone Configuration Utility 3.6.2 at: http://support.apple.com/kb/dl1466 and install it on your Windows computer

        To add private CA certs to your iPhone or iPad, you will need:

  - The Apple iPhone Configuration Utility (windows or mac), you just installed it.

  - Your iPhone or iPad physically connected via cable to said windows or mac machine

  - The cert file(s)

- -  To make your self-signed root CA certificate available to the Apple iPhone Configuration Utility you must import your self-signed root CA certificate (I had a .DER certificate) into Microsoft Internet Explorer, by :

- - Right click the server root CA certificate you created in Step # 6, in Windows file explorer.

- -  Click "Install Certificate", the Windows "Certificate Import Wizard" dialog appears.

- -  Click Next.

- - Choose "Place all certificates in the following store", Browse to "Personal"

- -  Click on OK, Next, Finish, OK. 

- -  After the import of the certificate, for me it showed up as a certificate called "Organizational CA", I could tell it from other certificates by the expiration date and the Subject that had my host name.

Once the above requirements are met, do the following:

a.)     Make sure the certificate you want to deploy to the iOS device is installed on your machine.

b.)     Launch the tool. Apple iPhone Configuration Utility

c.)     Select the Configuration Profiles workspace area on the left.

d.)     Click the New button.

e.)     Under General, select a name such as “<VibeServerName> Root Certificate Trust”, and all other mandatory fields.

f.)  Select the Credentials area, and click the Configure button.  Select the certificate you want to trust, then click OK.  Remember : After the import of the certificate, for me it showed up as a certificate called "Organizational CA", I could tell it from other certificates by the expiration date and the Subject that had my host name.


http://windowsitpro.com/site-files/windowsitpro.com/files/uploads/2013/10/ioscerttrustsml.jpg

g.)     Connect the iOS device, if not already connected

h.)     The device will show under Devices, select it.

I.)     Select the devices Configuration Profiles tab.

j.)  The new profile will be displayed. Click Install.


http://windowsitpro.com/site-files/windowsitpro.com/files/uploads/2013/10/ioscerttrust2sml.jpg

k.)   A message will be displayed on the iOS device prompting the user to click Install. Click Install on the device.

l.)   Click “Install Now” to the confirmation.

http://windowsitpro.com/site-files/windowsitpro.com/files/uploads/2013/10/ioscerttrust3.jpg

m.)   You will be prompted for your passcode, then the screen will change to Profile Installed. Click the Done button

Your device will now trust your internal self-signed root CA certificate ! .  I tested this on iOS7.1 with no problems.  Now when you attempt to login to Vibe with this self-signed root CA certificate on the device you will not have the issue described in this document.  On your iOS device your new certificate profile is listed under, Settings | General | Profiles | Configuration Profiles.


Cause

By default an iOS device does not allow https connections using an iOS app to be made when a self-signed certificate is in use, for security reasons.  This does not currently apply to Android devices.