Re: [Fed-Talk] Re: SSL Client Certificates on iPhone
- Subject: Re: [Fed-Talk] Re: SSL Client Certificates on iPhone
- From: "Shawn A. Geddis" <email@hidden>
- Date: Mon, 01 Feb 2010 13:47:49 -0800
Alan,
Have not seen any reference of you adding the Self-Signed Root CA Cert
of the presumed Server Cert to the iPhone's credential store. You can
do this multiple ways....
-Shawn
—————————————
Shawn Geddis
Security Consulting Engineer
Commercial & Government
Apple Inc.
Sent from my iPhone
On Feb 1, 2010, at 12:55 PM, "Danziger, Alan D." <email@hidden> wrote:
Thanks Tim,
I'm using the default Hello World page at /Library/WebServer/Documents/index.html.en for my testing...
On 2/1/10 3:33 PM, "Miller, Timothy J." <email@hidden> wrote:
How many objects on the page? If it's more than a simple HTML document with no CSS, MobileSafari could be fetching page components in parallel and not properly recalling the user cert selection. Try it with a simple 'hello world' page.
-- Tim
-----Original Message-----
From: fed-talk-bounces+tmiller=email@hidden [mailto:fed-talk-bounces+tmiller=email@hidden] On Behalf Of Danziger, Alan D.
Sent: Monday, February 01, 2010 2:28 PM
To: email@hidden Talk
Subject: [Fed-Talk] SSL Client Certificates on iPhone
Hi there,
Has anyone configured mutual authentication with client certificates on the iPhone?
I have a (known-good) user certificate, and a (known-good) server certificate.
I have Apache configured to use the server certificate, and to trust the CA which signed the user certificate.
When I hit the server from Firefox on OSX, it works properly - prompts me once for which certificate to use, returns my content, no problem.
When I hit the server from Safari on OSX, it works properly - prompts me once for which certificate to use, [stores that as an identity preference?,] returns my content, no problem.
When I hit the server from MobileSafari on iPhone (3.1.2), it does NOT work "properly". It prompts me 3 times for which certificate to use, after which it returns my content, but that's a problem.
I have Apache debug logs showing this, I have openssl s_server logs showing this, and I'd be happy to talk to anyone who has suggestions for me to try.
Other data points:
- Apache server is running on a Mac Mini, 10.6.2
- If I disable client authentication, MobileSafari can access the data without problems (thus validating the server cert).
Any suggestions?
Thanks,
-=Alan Danziger
email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden