Certificate problem in Safari (iOS)

Maggie_K's picture

Maggie_K

Joined: Sep 15, 2014
Your rating: None (2 votes)

Hi,
I have a problem with opening a website that requires a .p12 certificate with Safari on iOS if I have more than one certificate installed on the device. While entering the page I need to select proper certificate many times when every single element of the page is loading. If I had only one certificate on the device, the right one would be selected by default and there would be no need to select it multiple times. On OS X the problem may be resolved by installing the certificate and adding a New Identity Preference to the Keychain on the Mac to force Safari using particular .p12 certificate to authenticate on the specific page.
Is there any solution for this case on mobile devices with iOS?

Top
mdibella's picture

mdibella

Joined: May 6, 2014

Certificate problem in Safari (iOS)

Your rating: None

Well, you have two problems, and they are both require server-side, not client-side configuration changes.

First, you are being prompted to select a certificate because the server is not sending a trusted certificate authority list to the client during TLS negotiation. Typically this is accomplished by defining a Certificate Trust List and assigning it to the listener serving the website application. The details for doing are implementation-specific and depends the software (Apache, IIS, etc) used on the server and sometimes the version. When the server sends a CA list, the client knows which authority the server wants presented for authentication and can automatically select a client certificate signed by that authority from the keystore.

Second, if you are being re-prompted to select a certificate on every navigation action it probably means that HTTP Keep-alive is not properly configured on the server side. Certificate authentication is processed during TLS negotiation, which happens after the TCP connection is established but before the first HTTP request envelope is passed. If HTTP Keep-alive isn't configured, the server will close the TCP connection immediately after sending the HTTP response. The client then must re-establish the TCP connection, and re-negotiate TLS, forcing re-authentication, which triggers the behavior above.

Top
Maggie_K's picture

Maggie_K

Joined: May 6, 2014

This helped a lot, thank you!

Your rating: None (2 votes)

This helped a lot, thank you!

Top
Peterson14's picture

Yes i was facing the same

Your rating: None (1 vote)

Yes i was facing the same certificate problem in the safari. I tried very hard to solve the problem but i was even not getting the actual problem. My friend helped to configure it again.

Top

Who is online?

There are currently 0 admins, 0 users and 17 guests online. Connected users: .

Recent Activity