Openssl x509 -req -days 365 -in file.csr -CA ca.crt -CAkey ca.key -set_serial $SerialNumber -out file.crt Openssl req -new -key file.key -out file.csr -subj "$DN" Here's the exact code (with file names simplified) used to create and sign the certificates: openssl genrsa -out file.key 4096 I'm not sure if this is an iPad glitch or the certificate isn't signed right. When you view the certificate in Firefox, Firefox shows the correct CA in the Issued By field. When you view the certificate details on the iPad after it is installed, the iPad says "signed by" and lists the certificates own name. The iPad install profile dialog claims the Identity Certificate is not signed, but lets me install it. The command used to create the pkcs file is: openssl pkcs12 -export -out file.pk12 -inkey file.key -in file.crt -nodes -passout pass:mypassword Openssl x509 -purpose for the cert used to create the pkcs file is: Certificate purposes: Is this an iPad problem, an nginx problem, or a certificate problem? And how can we troubleshoot and solve it? Again, client certificate authentication works just fine for desktop browsers with our setup. The CA public cert and intermediate CA cert is installed on the iPad, and installed on the server as well. Nginx returns a 400 bad request "The SSL Certificate Error" to the iPad client. Client certificate authentication is working just fine in desktop browsers, but when we use the exact same certificate that works in a desktop browser on an iPad, we get this error in nginx: 7200#7200: *2 client SSL certificate verify error: (26:unsupported certificate purpose) while reading client request headers We want to add some iPad clients to the mix for inventory counting, etc. Our company's web application uses client certificates to authenticate.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |