Configure for the certificate authority list
The client needs to check to see if the server certificate is trusted. This is done using a certificate authority list.
In this task you create the client's certificate authority list using the OpenSSL command line tool, and set the global certificate authority list in your FGLPROFILE file.
Important: On GMI mobile devices
the iOS SSL/TLS layer is used for HTTPS, and the device Keychain® typically holds the server certificate authority list. Therefore,
the FGLPROFILE file security settings are ignored with the exception of the following:
security.global.ca
, security.global.ca.lookuppath
, and
security.global.systemca
.The client application is configured to use the appropriate certificate authority list to validate a server's certificate.
In your FGLPROFILE file ensure there are
configuration entries (ws.*
) for the HTTPS server URL and for the HTTP
authentication when accessing the HTTPS server. See Add configuration entries in your FGLPROFILE file.