Contents Index Certificate chains Creating the certificates

MobiLink Synchronization User's Guide
  Transport-Layer Security

Enterprise root certificates


A deployment of MobiLink that involves multiple servers can be improved by assigning each server a unique certificate also signed by a common root certificate. A certificate authority within the enterprise holds the root certificate.

This arrangement has the following advantages:

The security of the system can be improved somewhat by obtaining a globally signed certificate, discussed later, from a commercial certificate authority. In practice, however, this arrangement provides adequate security for many applications.

You can program your clients to verify the values of some certificate fields, as discussed later. In this way, you can ensure that your clients synchronize with particular MobiLink synchronization servers within your organization.

An enterprise root certificate.

This setup provides more flexibility than self-signed server certificates. For example, you can add a new server and give it a new certificate. If the new certificate is signed with the same enterprise root certificate, existing clients will automatically trust it. Were you, instead, to give each MobiLink synchronization server a self-signed certificate, all clients would require a copy of the new public certificate.


Creating the certificates
Using the signed certificates

Contents Index Certificate chains Creating the certificates