It is important to note that failure to meet all of the requirements listed below may result in your Verse for iOS, Verse for Android, IBM Notes Traveler Companion and IBM Notes Traveler To Do apps being unable to connect to your Traveler servers.
- Mobile apps must connect only using HTTPS and not the unsecured HTTP protocol.
- The server certificate must not be expired or invalid.
- The server certificate common name (CN) or a name from the server certificate's Subject Alternative Name (SAN) list must match the host name of the server to which the client is connecting. For example, if the mobile app is connecting to traveler.example.com, then the certificate must list traveler.example.com in the CN or SAN fields. A wildcard certificate is allowed, but the domain from the wildcard must match the server's domain.
- The negotiated Transport Layer Security version must be TLS 1.2. Since devices running Android prior to version 4.1 do not support TLS 1.2, they can no longer be supported.
- The server certificate must be trusted: it must be issued either by a certificate authority (CA) whose root certificate is incorporated into the device operating system, or by a trusted root CA that has been installed on the device by the user or a system administrator.
- The negotiated TLS connection's cipher suite must support forward secrecy and be one of the following:
- The leaf server certificate must be signed with one of the following types of keys:
  - Rivest-Shamir-Adleman (RSA) key with a length of at least 2048 bits
  - Elliptic-Curve Cryptography (ECC/ECDSA) key with a size of at least 256 bits
- The leaf certificate hashing algorithm must be Secure Hash Algorithm 2 (SHA-2) with a digest length of at least 256 (SHA-256 or greater).
Source: IBM Support
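The requirements above can be checked against the facts of one recorded connection. This is an added example, not IBM code: `audit`, `name_matches` and the dictionary keys are hypothetical names, the `cert` value has the shape returned by Python's `ssl.SSLSocket.getpeercert()`, and the key and hash fields are assumed to be read from the leaf certificate separately. The page's cipher-suite list is not reproduced, so only the forward-secrecy property (ECDHE or DHE key exchange in OpenSSL naming) is tested, and CA trust is left to the TLS library.

```python
import ssl

SHA2_OK = {"sha256", "sha384", "sha512"}   # SHA-2 with a digest of at least 256 bits
MIN_KEY_BITS = {"RSA": 2048, "EC": 256}    # minimum leaf key size per key type

def name_matches(pattern, host):
    """Exact match, or a wildcard that covers exactly the leftmost label."""
    p, h = pattern.lower().split("."), host.lower().split(".")
    if p[0] == "*":
        return len(p) == len(h) and len(p) > 2 and p[1:] == h[1:]
    return p == h

def audit(conn, now):
    """Return the requirements from the list above that `conn` fails."""
    cert, fails = conn["cert"], []
    if conn["scheme"] != "https":
        fails.append("not HTTPS")
    if now >= ssl.cert_time_to_seconds(cert["notAfter"]):
        fails.append("certificate expired")
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    names += [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if not any(name_matches(n, conn["host"]) for n in names):
        fails.append("host name not in CN or SAN")
    if conn["version"] != "TLSv1.2":          # the page requires TLS 1.2
        fails.append("TLS version is not 1.2")
    if not conn["cipher"].startswith(("ECDHE-", "DHE-")):
        fails.append("cipher suite lacks forward secrecy")
    if conn["key_bits"] < MIN_KEY_BITS.get(conn["key_type"], float("inf")):
        fails.append("leaf key too small or wrong type")
    if conn["sig_hash"] not in SHA2_OK:
        fails.append("leaf not signed with SHA-256 or greater")
    return fails

# Constructed sample data (not captured from a real server).
# key_type, key_bits and sig_hash are assumed inputs: stdlib ssl does not expose them.
GOOD = {
    "scheme": "https", "host": "traveler.example.com",
    "version": "TLSv1.2", "cipher": "ECDHE-RSA-AES256-GCM-SHA384",
    "key_type": "RSA", "key_bits": 2048, "sig_hash": "sha256",
    "cert": {"notAfter": "Jan  5 09:34:43 2030 GMT",
             "subject": ((("commonName", "*.example.com"),),),
             "subjectAltName": (("DNS", "*.example.com"),)},
}
BAD = dict(GOOD, host="traveler.other.example", version="TLSv1.1",
           cipher="AES128-SHA", key_bits=1024, sig_hash="sha1")
NOW = ssl.cert_time_to_seconds("Jan  5 09:34:43 2025 GMT")

if __name__ == "__main__":
    print(audit(GOOD, NOW))
    print(audit(BAD, NOW))
```
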