Two way SSL authentication

App & System Services Networking
markizd OP
Created Dec ’15
Replies 2
Boosts 0
Views 1.6k
Participants 2

Hi

At first of all, I don't know if that's correct group to ask that question, but I've been advised by support team to post my problem here. Secondly I'm not super familiar with SSL but understand pki and whole idea.

Currently I'm testing two way SSL authentication to web page (instead userrname/password). Two certificates been purchased from Geotrust. One installed on webserver apache2.2 and simple test configuration introduced with literally one test of serial number of the client certificate.

The current config has been succesfully tested on Windows7/10 (firefox/chrome), Ubuntu13/14 (firefox/chrome), Macbook Pro (firefox), Android on LG/Sony (chrome). However I can not make it works on iPhone 6/6s. I'm trying install certificate but is showing straight away that is “not trusted”. I've checked CA list and Geotrust is listed there. No idea what really I can check/adjust now.

Any response/suggestions will be much appreciated.

Thanks in advance


--

Markiz

Answered by markizd in 93251022

Hi

Thanks for reply.

I'm trying authenticate to a web server from Safari with that certificate (instead of pasword/username). Tried already Safari Firefox and Chrome and didn't have an option to choose certificate like on other systems.

Cheers


--

M.

Replies  2
Boosts  0
Views  1.6k
Participants  2
DTS Engineer OP
Apple
Dec ’15

I'm trying install certificate but is showing straight away that is “not trusted”.

That shouldn’t concern you.

There are two potential reasons why you’re seeing this message:

  • When you install a configuration profile, you have the option to sign it. If you don’t sign it, you get a message like this. If you install a client identity (a 

    .p12
    ) it’s treated like a configuration profile that contains a single digital identity payload, and hence you get this message.

  • Even if the configuration profile was signed, it’s not required that iOS trust the certificate in the digital identity it uses for an TLS client identity. What matters is that a) iOS presents it to the sever, and b) that the server trusts it.

Are you trying to use this identity from Safari? Or from your own app?

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
0
markizd OP
Dec ’15
Accepted Answer

Hi

Thanks for reply.

I'm trying authenticate to a web server from Safari with that certificate (instead of pasword/username). Tried already Safari Firefox and Chrome and didn't have an option to choose certificate like on other systems.

Cheers


--

M.

0
Two way SSL authentication
First post date Last post date
 
 
Q