[Fed-Talk] Re: SSL Client Certificates on iPhone
[Fed-Talk] Re: SSL Client Certificates on iPhone
- Subject: [Fed-Talk] Re: SSL Client Certificates on iPhone
- From: "Danziger, Alan D." <email@hidden>
- Date: Mon, 1 Feb 2010 15:55:46 -0500
- Acceptlanguage: en-US
- Thread-topic: SSL Client Certificates on iPhone
Thanks Tim,
I'm using the default Hello World page at
/Library/WebServer/Documents/index.html.en
For my testing...
On 2/1/10 3:33 PM, "Miller, Timothy J." <email@hidden> wrote:
> How many objects on the page? If it's more than a simple HTML document with
> no CSS, MobileSafari could be fetching page components in parallel and not
> properly recalling the user cert selection. Try it with a simple 'hello
> world' page.
>
> -- Tim
>
>> -----Original Message-----
>> From: fed-talk-bounces+tmiller=email@hidden [mailto:fed-
>> talk-bounces+tmiller=email@hidden] On Behalf Of Danziger,
>> Alan D.
>> Sent: Monday, February 01, 2010 2:28 PM
>> To: email@hidden Talk
>> Subject: [Fed-Talk] SSL Client Certificates on iPhone
>>
>> Hi there,
>>
>> Has anyone configured mutual authentication with client certificates on
>> the iPhone?
>>
>> I have a (known-good) user certificate, and a (known-good) server
>> certificate.
>>
>> I have Apache configured to use the server certificate, and to trust the
>> CA which signed the user certificate.
>>
>> When I hit the server from Firefox on OSX, it works properly - prompts
>> me once for which certificate to use, returns my content, no problem.
>>
>> When I hit the server from Safari on OSX, it works properly - prompts me
>> once for which certificate to use, [stores that as an identity
>> preference?,] returns my content, no problem.
>>
>> When I hit the server from MobileSafari on iPhone (3.1.2), it does NOT
>> work "properly". It prompts me 3 times for which certificate to use,
>> after which it returns my content, but that's a problem.
>>
>>
>> I have Apache debug logs showing this, I have openssl s_server logs
>> showing this, and I'd be happy to talk to anyone who has suggestions for
>> me to try.
>>
>>
>> Other data points:
>> - Apache server is running on a Mac Mini, 10.6.2
>> - If I disable client authentication, MobileSafari can access the
>> data without problems (thus validating the server cert).
>>
>>
>> Any suggestions?
>>
>> Thanks,
>> -=Alan Danziger
>> email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden