Search This Blog

Monday, June 12, 2017

Strange decision within IBM Verse update for June of 2017 on Android devices


IBM released a new update for IBM Verse in June 2017 - here is a link to "what's new".
There is a new feature for Android about:

Verse for Android: Certificate-based authentication

However I don't think the way it works is correct.
See my story below...

Accordingly to documentation there are three authentication options supported by IBM Verse on Android devices:
  • Traditional username/password
  • Certificate-only authentication
  • Certificate and username/password
One of my customers had a following picture in Ports\Internet Ports\Web

This means that HTTP server allowed authentication either with login/password or with certificate.
I try to highlight here that users had choice

However with the June IBM Verse update Android users can NOT any more use IBM Verse without importing certificate if "Client certificate" option is set to "Yes" in the Domino configuration.

Here is what I got after I provided server name in just installed-IBM Verse client on my Android device:

I clicked "GOT IT" and received this message (see below)

Of course when I clicked INSTALL I couldn't do anything because I didn't have file of certificate

When I chose "CANCEL" button on the previous screen I was moved back to the beginning of the process - in other words I couldn't complete IBM Verse setup without importing certificate. I suspect it could work OK if Domino Administrator would prepare certificates for all users earlier - but that wasn't my case.

Eventually I had to disable "Client Certificate" authentication option in Domino configuration to let users to use IBM Verse with login and password. Fortunately my customer didn't really use "Client Certificate" authentication so it didn't have any consequences.

I found all this very strange and I do not understand why IBM didn't provide kind of "SKIP" button to let users to continue using name & password authentication in IBM Verse.

I imagine which "nice" affect it could have if it would happen in a huge company with thousands of users without previously generated certificates for users and without possibility for Domino Administrator to just disable "Client certificate" authentication in Domino configuration (no matter what the reason is). 


  1. That does seem a bit odd. I'd read the Domino setting as "either certificate *OR* password" with those settings in the first screenshot. But Verse seems to think "certificate only".