Hi Martin, do your certificates comply with those rules https://support.apple.com/en-us/HT210176
We had sha1 in the sample configs for a long time, so if you did not upgrade the config this might be the problem. Oliver Am 29.11.19 um 09:25 schrieb Martin Krämer: > Dear All, > > I have a running instance of OpenXPKI v2 on Debian Jessie. > This instance is (with small modifications within instance name) based > on the sampleconfig.sh script, > following the guidelines from > https://openxpki.readthedocs.io/en/latest/quickstart.html#setup-base-certificates. > > While I can successfully enroll certificates via SCEP, import the > required ca-root, ca-signer and scep-1 into my clients > and have a correct trust for my web pages on Debian, Android and > Windows, I am still facing issues with iOS devices. > > What I have done on iOS devices to install the certificates is: > 1. transfer ca-root, ca-signer and scep-1 certificate to the device > 2. select the ca-root certificate on "files" app -> "Profile Downloaded" > popup appears > 3. select the ca-signer certificate on "files" app -> "Profile > Downloaded" popup appears > 4. select the scep-1 certificate on "files" app -> "Profile Downloaded" > popup appears > 5. navigate to settings -> general -> profiles & device management > 6. All three certificate profiles are listed within "Downloaded profile" > 7. select ca-root -> install -> enter passcode -> select install -> > select Done > profile is now listed within "Configuration Profiles" > 8. select ca-signer -> install -> enter passcode -> select install -> > select Done > profile is now listed within "Configuration Profiles" > 9. select scep-1 -> install -> enter passcode -> select install -> > select Done > profile is now listed within "Configuration Profiles" > 10. navigate to settings -> general -> about -> certificate trust settings > 11. select the ca-root certificate and enable it for full trust > > If I now try to browse to one of my web pages the page keeps loading / > reloading all the time without showing any content. > As soon as I: > 1. navigate to settings -> general -> about -> certificate trust settings > 2. select the ca-root certificate and DISable it for full trust > The web page loads correctly again, but with error of untrusted page. > > Did somebody already make any experience with openxpki generated > certificates on iOS? > Is there a step missing within my instructions to enable a correct trust? > > thank you for your support > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users > -- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
