7021259: Mobile Access connection from IOS fails with NAM 4.4 using self signed certs

This document (7021259) is provided subject to the disclaimer at the end of this document.

Environment

Access Manager 4.4

Situation

When testing NAM 4.4 Mobile Access from an IOS device, the initial connection from the IOS device would fail with an untrusted certificate message. Recognising that the certificate tied to the AG proxy (with NAM appliance) or the IDP server (without the NAM appliance) was one issued by the NAM CA, we imported the NAM CA root certificate into IOS. For some reason this failed to complete.

Resolution

Created a test certificate from SLES CA using yast2 -> security link, applied it to NAM Identity Server and imported root into IOS.
Creating a server certificate with the subject name that matches the IDP base URL and saving it as a pkcs#12 formatted file allowed it to be imported into NAM under Security -> Server certificates link. Once done, it could be applied directly to the IDP or AG (AG in case of NAM appliance).
The final step was to email the Yast CA root certificate to myself so that I could import it into the IOS trust store. When successful, the IOS Settings General -> About option will show the newly imported Yast CA into the IOS truststore. At this point, users shoul dbe able to bring up the Mobile Access app and point to the IDP base URL to login and get access to all appmarks.

Related:

Leave a Reply