How to manually add the ca.crt client certificate for Secure Email Proxy.

Article ID: 178564

Products

Mobility Suite

Issue/Introduction

 

Resolution

1. Copy the CA certificate to /usr/local/nginx/certs/ as 'ca.crt'.

 

2. Edit the Nginx configuration file by typing the following command in the Terminal:

vi /usr/local/nginx/conf/nginx.conf

 

3. Add the following two lines:

ssl_client_certificate /usr/local/nginx/certs/ca.crt;
ssl_verify_client optional;

 

Insert these two lines in the 'nginx.conf' file after the following lines:

server {
    listen        443;
    ssl on;
    server_name example.com;

    ssl_certificate      /usr/local/nginx/certs/server.crt;
    ssl_certificate_key  /usr/local/nginx/certs/server.key;

 

And before these lines:

    location / {
        root           /var/www/example.com/html;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_param  SCRIPT_FILENAME /var/www/example.com/lib/Request.class.php;
        fastcgi_param  VERIFIED $ssl_client_verify;
        fastcgi_param  DN $ssl_client_s_dn;
        include        fastcgi_params;
    }
}

 

4. Restart Nginx by typing the following command in the Terminal:

service nginx restart
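Steps 2 to 4 can also be scripted. The script below is an added example, not part of the original article or of the product. It assumes that openssl and nginx are on the PATH and that the first ssl_certificate_key line in nginx.conf belongs to the Secure Email Proxy server block; the script name add-client-ca.sh and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: steps 2-4 of the article as an idempotent script.
# Assumptions: openssl and nginx are on PATH; the first ssl_certificate_key
# line in the file belongs to the Secure Email Proxy server block.
CONF=${CONF:-/usr/local/nginx/conf/nginx.conf}
CA=${CA:-/usr/local/nginx/certs/ca.crt}

# add_client_ca CONF_FILE CA_PATH
# Prints CONF_FILE with the two directives inserted directly after the first
# ssl_certificate_key line. Prints the file unchanged if an
# ssl_client_certificate directive is already present.
add_client_ca() {
    awk -v ca="$2" '
        /^[ \t]*ssl_client_certificate[ \t]/ { have = 1 }
        { lines[NR] = $0 }
        END {
            for (i = 1; i <= NR; i++) {
                print lines[i]
                if (!have && !done && lines[i] ~ /^[ \t]*ssl_certificate_key[ \t]/) {
                    print "    ssl_client_certificate " ca ";"
                    print "    ssl_verify_client optional;"
                    done = 1
                }
            }
        }' "$1"
}

# apply: check the CA file, edit the config, test it, then restart.
apply() {
    # Fails if ca.crt is not a parseable PEM certificate or has expired.
    openssl x509 -in "$CA" -noout -checkend 0 >/dev/null || {
        echo "$CA is not a readable, unexpired PEM certificate" >&2; return 1; }
    cp -p "$CONF" "$CONF.bak" || return 1
    add_client_ca "$CONF.bak" "$CA" > "$CONF" || return 1
    # nginx -t parses the config without touching the running service.
    if nginx -t -c "$CONF"; then
        service nginx restart
    else
        cp -p "$CONF.bak" "$CONF"
        echo "config test failed; original nginx.conf restored" >&2
        return 1
    fi
}

# Runs only when called as: sh add-client-ca.sh --apply
if [ "${1:-}" = "--apply" ]; then apply; fi
```

Because ssl_verify_client is set to optional, Nginx still accepts connections that present no client certificate and reports the outcome to the backend through the VERIFIED parameter ($ssl_client_verify).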

 

To extract the ca.crt file from a PKCS#12-formatted .pfx file, refer to http://www.symantec.com/docs/HOWTO106999 for instructions on its extraction through the Terminal.

For instructions on setting up the Secure Email Proxy from start to finish, refer to http://www.symantec.com/docs/HOWTO95612.

Ensure that SELinux is not set to enforcing. It needs to be set to permissive or disabled for the proxy to function properly. If the server.key and server.crt files do not make it down to the device and Java errors appear in the /usr/local/nginx/logs/controller.log file, this indicates a proxy that has SELinux set to enforcing.

Additional Information

Description:

The following values are included in this document for searchability:

NSURLErrorDomain error -1012

NSURL -1001

These are possible errors captured in the logs of a mobile device that could have a misconfigured Secure Email Proxy.