Dear Cyrille,
It's so easy.... so clear that I need nearly two days to understand...
The point is to tell iCal to accept the certificate. As I accepted it
with my Browser and I saw that it was stored in apple service programm
where the certs and keys (not sure about the english name) I thought
every must be ok.
To tell iCal to accept the certs one has to open the SSL-Site with
safari - not with firefox. When I had accepted the certs with safari
everything in iCal was ok
Thanks you very much for the time you spent on this
Georg
P.S. maybe someone can add this iCal feature to the iCal-Howto on
www.calendarserver.org
Am 19.02.2009 um 12:35 schrieb Cyrille Colin:
Hi,
i didn't use iCal.
I try calendarserver to see if it can resolve our "calendar problem".
Linux as server and thunderbird with lightning as client.
About certificates, it's due to the file format pem or pkcs12 can
contains both certificate and private key, but don't matter with your
problem. I heard a lot about certificate with macos. I think you
need to
import your certificate into the store (keychain). take a look here :
http://www.stefanseiz.com/archives/2004/06/importing_a_self_signed_sslcertificate_into_your_mac_os_x_keychain.html
hope this help.
Le jeudi 19 février 2009 à 10:49 +0100, Georg Troska a écrit :
Hi Cyrille,
https in my browser works, https in leightning (debian calendar)
works
as well. Kerberos authentication works as well (on browser and
leightning with https and http) I can connect with iCal but only when
I'm sending my Kerberos -Ticket unencrypted without https over http.
When trying to connect through https I get there Error message I
mentioned:
"The account information could not be found - Unexpected error
at the
secure name resoltion (Error -9813). The servername <name> is
maybe
incorrect "
I my case the SSL-Cert and the private-key are stored in two
different
files (with different priviliges but belonging by root). This is the
first time I heard of SSL Certs and Privatekey that are stored in one
file. From my point of view they are useless then ;-) But I have not
found information about that tool you mentioned.
All Calendarclient programs except iCal ask if they my trust my
certificates. I believe if I could tell iCal to trust them everything
would be ok
Do you use iCal as a client with https connection?
Thanks a lot Georg
Am 19.02.2009 um 08:54 schrieb Cyrille Colin:
Oops, i didn't see the error was in ical .. are you sure your
certificate common name is set to your server url ?
https seems to work, to verify connect your server via a browser :
https://xxx:8443/calendars/users/
Le mercredi 18 février 2009 à 23:27 +0100, Georg Troska a écrit :
Hi,
Are you sure private and public keys are stored in the same file?
Georg
Am 18.02.2009 um 22:19 schrieb Cyrille Colin:
hi,
Self-signed certs works for me.
I create it with
createmake-ssl-cert /usr/share/ssl-cert/ssleay.cnf /calendar/
certs/
calendar.pem
and set .plist :
<!-- Public key -->
<key>SSLCertificate</key>
<string>/calendar/certs/calendar.pem</string>
<!-- Private key -->
<key>SSLPrivateKey</key>
<string>/calendar/certs/calendar.pem</string>
hope this help.
On mer., 2009-02-18 at 21:18 +0100, Georg Troska wrote:
Hi,
ok maybe this is a better forum to ask this question
Anfang der weitergeleiteten E-Mail:
Von: Georg Troska <georg.tro...@uni-dortmund.de>
Datum: 18. Februar 2009 15:08:13 MEZ
An: calendarserver-...@lists.macosforge.org
Betreff: [CalendarServer-dev] HTTPS-Problem
Hi,
I have problems to get HTTPS running on the calendarserver.
(Ubuntu-Intrepid)
HTTP works fine now, but using HTTPS gives me an error-message
in
iCal:
"The account inforation could not be found - Unexpected error at
the
secure name resoltion (Error -9813). The servername <name> is
maybe
incorrect "
(This is translated from german)
I'm sure that HTTPS is running as I can reach it in the
Browser -
authentication is running as well
Thanks Georg
_______________________________________________
calendarserver-dev mailing list
calendarserver-...@lists.macosforge.org
http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-
dev
meanwhile I found out, that I have a logentry in /var/log/
system.log
on my client:
---
Feb 18 21:14:01 regulus iCal[97893]: SMA: -[DAVRequest(Private)
translateSSLError:]: { -9813 }
Feb 18 21:14:01 regulus iCal[97893]: [DAVRequest
_readStreamEvent]:
SecTrustEvaluate failed. Failing with error: (null)
---
putting this into google made me a bit nervous when I read
this:
http://www.zimbra.com/forums/administrators/16397-caldav-issue-leopard.html
is it true that iCal cannot handle "selfmade SSL-Certs"? How
can I
put
the cert on "always trust"?
I hope you can help. Thanks a lot
Georg
_______________________________________________
calendarserver-users mailing list
calendarserver-users@lists.macosforge.org
http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
Georg Troska
Experimentelle Physik IV
TU Dortmund
+49 231 755 3501
_______________________________________________
calendarserver-users mailing list
calendarserver-users@lists.macosforge.org
http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
