Mutual authentication between my iPhone and webserver

ios apache iphone safari

Solution 1:

Apple Requirements

Apple enforce additional requirements on trusted certificates. Ensure your private Certificate Authority (CA) meets these requirements.

openssl s_server

You can confirm, and debug, the iPhone's browsers are providing a certificate with openssl s_server.

s_server can be used to run a debugging SSL/TLS server which lets you examine the negotiation between the server and client:

  • Verify Incoming SSL Using OpenSSL S_Server
  • Using openssl s_server and openssl s_client to test client certificates

Apache httpd

For configuring Apache httpd, see Client side certificate authentication as the author encountered the same problem:

Although the allowed CA was properly set I got this error message

SSL Library Error: error:140890C7:SSL routines:SSL3_GET_CLIENT_CERTIFICATE:peer did not return a certificate -- No CAs known to server for verification?

In order to solve the problem, I had to merge the certificate CA file and the certificate chain file into one file. For using client certificates with www.digicert.com this meant

cat TrustedRoot.crt >> MergedCA.crt
cat DigiCertCA.crt >> MergedCA.crt

and pointing SSLCACertificateFile to MergedCA.crt

Related

Setting a default username in Admin authentication dialogs?
82GB of "other" don't appear in OmniDiskSweeper or Freediskspace
Who am I racing against in Mario Kart Tour?
How do you get the secret achievements in Valet Hero?
Hi-res Achievement and Trophy Images
Can I disable DC Universe Online's accept licence terms?
How to perform chops with gloves in Secret of Mana?
How do you achieve the 'Know Thy Enemy ' achievement in CIV V?
Why can't I export Rock Band 1 songs to use in Rock Band 3?
Does the Lover stone stack with the spouse rested bonus?
Player 2 in Tony Hawk's Proving Grounds keeps eating pavement in spite of attempts at grinding
Why do characters keep talking after dying, and how do I fix it?