Question

ScanIt - sha1 certificate

  • 30 June 2023
  • 3 replies
  • 109 views

Hello, I have a problem with an unsecured connection when I try to connect to the mobility server with a phone. I'm trying to configure the IFS Account Manager application. In this application we're asked for the TAS URL and the System ID, and when we validate the information we get the error: "Could not establish a secured connection with the Identity provider". We thought it was a certificate problem, but it's actually installed on the phone. However, this certificate uses SHA-1, which may be the source of the error, as it is below security standards. The question is, does the application require for example at least SHA-256, and if so, how can the security level be lowered to accept SHA-1?


3 replies

Userlevel 5
Badge +12

@avan SHA-1 is certainly not secure, so we strongly recommend against lowering your system’s security level.

I believe you’re on Apps10, and while I couldn’t find 100% conclusive proof in the codebase, I very strongly believe that all apps work with SHA-256 at minimum, so the better option is to upgrade your obsolete and insecure certificates (and any other infrastructure) to be standards compliant.

Cheers,

/Rukmal

Hello, thank you very much for your reply. We do indeed use Apps10. I completely agree with you that the customer should increase the security level of his certificate. Unfortunately our customer is not able to do this in a reasonable timeframe, so we are forced to find a way to ignore the obsolescence restrictions. Do you know how to force IFS to accept the certificate as secure?

Userlevel 5
Badge +12

@avan I’m not entirely sure if this originates from the apps or the TAS, but either way there is no configuration change that can accept SHA-1 certificates. Understandably, we cannot issue a software change that allows this, nor can we really recommend that you downgrade.

The only alternative I see is *if* your TAS has strong SSL termination and this weak certificate is only on the MWS and the MWS is *not* internet-exposed. If that's the case, perhaps you can get the TAS to trust the MWS connection - can you share the TAS URL and a screenshot of the error via DM please?
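Before changing any setting it is worth confirming which hash the certificate's signature actually uses, since that is what an "at least SHA-256" requirement is checked against. The script below is an added example written for this thread, not code from IFS or from either poster; it reads the signatureAlgorithm field of an X.509 certificate (PEM or DER) with the Python standard library only, and the two sample certificates are constructed stand-ins, not real IFS or customer certificates.

```python
import base64
# Signature-algorithm OIDs (RFC 3279 / RFC 5758) mapped to the hash they use.
SIG_ALG_HASH = {
    "1.2.840.113549.1.1.5": "sha1",     # sha1WithRSAEncryption
    "1.2.840.10045.4.1": "sha1",        # ecdsa-with-SHA1
    "1.2.840.113549.1.1.11": "sha256",  # sha256WithRSAEncryption
    "1.2.840.113549.1.1.12": "sha384",  # sha384WithRSAEncryption
    "1.2.840.113549.1.1.13": "sha512",  # sha512WithRSAEncryption
}
def read_tlv(buf, pos):
    """Decode one DER tag-length-value at pos; return (tag, value, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(raw):
    """Turn the content bytes of a DER OBJECT IDENTIFIER into dotted form."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                               # last byte of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def pem_to_der(data):
    """Accept a PEM or DER certificate; return the DER bytes."""
    if data.lstrip().startswith(b"-----BEGIN"):
        body = b"".join(l for l in data.splitlines() if not l.startswith(b"-----"))
        return base64.b64decode(body)
    return data

def signature_hash(cert):
    """Return 'sha1', 'sha256', ... or the bare OID if it is not in the table."""
    _, certificate, _ = read_tlv(pem_to_der(cert), 0)   # Certificate ::= SEQUENCE
    _, _, pos = read_tlv(certificate, 0)                 # skip tbsCertificate
    _, alg_id, _ = read_tlv(certificate, pos)            # signatureAlgorithm
    _, oid, _ = read_tlv(alg_id, 0)                      # AlgorithmIdentifier.algorithm
    dotted = decode_oid(oid)
    return SIG_ALG_HASH.get(dotted, dotted)

def meets_sha256_minimum(cert):
    return signature_hash(cert) in ("sha256", "sha384", "sha512")

# Constructed stand-ins, not real certificates: minimal Certificate SEQUENCEs signed sha1WithRSA / sha256WithRSA.
SAMPLE_SHA1_DER = bytes.fromhex("3018 3003020101 300d 06092a864886f70d010105 0500 030200ff")
SAMPLE_SHA256_DER = bytes.fromhex("3018 3003020101 300d 06092a864886f70d01010b 0500 030200ff")
SAMPLE_SHA1_PEM = b"-----BEGIN CERTIFICATE-----\n" + base64.b64encode(SAMPLE_SHA1_DER) + b"\n-----END CERTIFICATE-----\n"
```

Run `signature_hash` over every certificate in the chain the server presents (for example, a chain exported from the phone or from the MWS), since an intermediate signed with SHA-1 fails the check just as a SHA-1 leaf does; any "sha1" result identifies the certificate that needs reissuing.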
