Dear All, I have a running instance of OpenXPKI v2 on Debian Jessie. This instance is (with small modifications within instance name) based on the sampleconfig.sh script, following the guidelines from https://openxpki.readthedocs.io/en/latest/quickstart.html#setup-base-certificates .
While I can successfully enroll certificates via SCEP, import the required ca-root, ca-signer and scep-1 into my clients and have a correct trust for my web pages on Debian, Android and Windows, I am still facing issues with iOS devices. What I have done on iOS devices to install the certificates is: 1. transfer ca-root, ca-signer and scep-1 certificate to the device 2. select the ca-root certificate on "files" app -> "Profile Downloaded" popup appears 3. select the ca-signer certificate on "files" app -> "Profile Downloaded" popup appears 4. select the scep-1 certificate on "files" app -> "Profile Downloaded" popup appears 5. navigate to settings -> general -> profiles & device management 6. All three certificate profiles are listed within "Downloaded profile" 7. select ca-root -> install -> enter passcode -> select install -> select Done profile is now listed within "Configuration Profiles" 8. select ca-signer -> install -> enter passcode -> select install -> select Done profile is now listed within "Configuration Profiles" 9. select scep-1 -> install -> enter passcode -> select install -> select Done profile is now listed within "Configuration Profiles" 10. navigate to settings -> general -> about -> certificate trust settings 11. select the ca-root certificate and enable it for full trust If I now try to browse to one of my web pages the page keeps loading / reloading all the time without showing any content. As soon as I: 1. navigate to settings -> general -> about -> certificate trust settings 2. select the ca-root certificate and DISable it for full trust The web page loads correctly again, but with error of untrusted page. Did somebody already make any experience with openxpki generated certificates on iOS? Is there a step missing within my instructions to enable a correct trust? thank you for your support
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
