Flex socket SSL
Universal Messaging Flex has a custom SSL implementation for sockets, it does not support self signed certificates and only trusts the certificates included in the Mozilla project Root CA store list.
If you wish for client certificate verification then the Universal Messaging Flex implementation requires the private certificate and the signed key in pem format. The following snippet shows how you can pass a client certificate into the Universal Messaging API
var cert:String; //Either read in or embed the certificate string into cert
var key:String; //Either read in or embed the key string into key
var attributes:nSessionAttributes = new nSessionAttributes(completeString, 5);
attributes.sslCertificate = cert;
attributes.sslKey = key;
mySession = nSessionFactory.create(attributes, "subject", appName, errorCB);
SSL Realm Configuration
The Universal Messaging Flex API is able to use all 4 of Universal Messaging's protocol's natively. To enable SSL protocols, a number of steps must be followed to ensure the Universal Messaging realm, and your Flex application, are configured correctly.
An NHP interface on port 80 should be setup, with a file plug-in at root level which points to a directory containing the crossdomain.xml for the server.
A similar NHPS interface should be set up on port 443, again which a root level file plug-in pointing to a directory containing the crossdomain.xml.
An nsp interface should be setup on port 843, this should have "Enable Policy File" Enabled through the "Basic" tab in the interface configuration. The policy file(clientaccesspolicy.xml) should be placed in the htdocs directory of the realm. Then add the certificates that you wish to use. These cannot be self signed, but can be from CAcert.
Client certificate validation can be enforced through the configuration on the interface through which you will be serving your flex application.
Pass the certificates into flex as shown above, or copy them straight in as strings, a private certificate and a signed key are required.