When a client connects to a server that is using TLS (HTTPS), the server delivers a certificate that the client uses to verify the identity of the server and establish a secure communication channel with the server. The client must trust the certificate before using it to verify the server identity and establish a secure communication channel.

The Experience Service, Vuforia Studio, and Vuforia View must be properly configured so that the TLS certificates are trusted. For the Vuforia Studio products, there are two TLS certificates to be considered:

The certificates and private keys must be encoded using one of the following:

The Experience Service does not support any version of Secure Sockets Layer (SSL). Only TLS version 1.1 or higher is supported; by default, TLS version 1.2 is used.

A certificate authority (CA) issues an TLS certificate. A CA can belong to a hierarchical chain of CAs, where the parent CA certifies the trustworthiness of each CA in the hierarchy. The CA at the top of the hierarchy is called the root CA, and other CAs in the chain are intermediate (or subordinate) CAs.

For a client to trust a certificate, it must trust the CA that issued it. Each CA has a certificate that it uses to sign the certificates that it issues. A client trusts a CA if the CA’s certificate, or the certificate for one of its parent CAs appears in the client’s trust store. By default, certificates for well-known, public CAs, appear in a client’s trust store. Certificates for private organizational CAs must be added manually to the trust store.

In some cases, a CA does not issue a certificate. These certificates are known as self-signed certificates. Since the CA did not issue the certificate, the self-signed certificate must be added to the client’s trust store for it to be trusted.

Two certificates must be configured for the Vuforia Studio product suite:

The steps required to configure these certificates depend on the following information about the certificate: