
Re: Ipad/iPhone ldap setup

On 21/02/11 20:25, Chris Jackson wrote:

> I am having trouble accessing my OpenLDAP server over SSL using an
> iPhone/iPad/iPod Touch using iOS 4.2.1. If I check the SSL box in the
> client setup on the iPhone/iPad/iPod Touch I get an error in the slapd
> log -- TLS negotiation Failure. With logging level 9 I get TLS accept
> failure error=-1 id=1.
>
> Other clients work fine over SSL/StartTLS: Outlook, Address Book in OS X
> 10.6, JXplorer.
>
> I am using OpenLDAP 2.4.19-15 on RHEL6 with a Comodo wildcard SSL cert.

FWIW we had a similar problem here with our mail server accepting IMAPS connections fine from everything except iPhones.

After some experimentation, I eventually found out it was because I had generated our new SSL keys with "openssl gendsa" and it seems that, for some reason known only to Apple, only RSA keys, as opposed to DSA keys, are supported in their iPhone TLS/SSL implementation. Regenerating a new key with "openssl genrsa" instead and using that to sign the server SSL certificate solved the problem and allowed the iPhones to connect.



Mark Cave-Ayland - Senior Technical Architect
PostgreSQL - PostGIS
Sirius Corporation plc - control through freedom
t: +44 870 608 0063

Sirius Labs: http://www.siriusit.co.uk/labs
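
The check implied by the reply above, as an added example that is not part of the original thread: it reads the public-key algorithm from a server certificate and flags a DSA key, the case reported to fail on iPhones. The function names, file names and the `ldap.example.test` subject are assumptions made for illustration, and the two sample certificates are constructed by `make_samples`.

```shell
#!/bin/sh
# Added example, not code from the thread. All names here are hypothetical.

# Print the public-key algorithm of a PEM certificate,
# e.g. rsaEncryption, dsaEncryption or id-ecPublicKey.
cert_key_alg() {
  openssl x509 -in "$1" -noout -text 2>/dev/null |
    sed -n 's/^ *Public Key Algorithm: *//p' | head -n 1
}

# Return 0 for an RSA certificate, 1 for a DSA certificate (the case the
# reply describes), 2 for any other algorithm or an unreadable file.
check_cert() {
  alg=$(cert_key_alg "$1")
  case "$alg" in
    rsaEncryption) echo "$1: RSA key"; return 0 ;;
    dsaEncryption) echo "$1: DSA key, regenerate the key with openssl genrsa"
                   return 1 ;;
    "")            echo "$1: not a readable PEM certificate"; return 2 ;;
    *)             echo "$1: $alg, test it against the affected clients"
                   return 2 ;;
  esac
}

# Build two constructed self-signed certificates in directory $1:
# rsa.crt (key from genrsa) and dsa.crt (key from gendsa).
make_samples() {
  subj="/CN=ldap.example.test"
  openssl genrsa -out "$1/rsa.key" 2048 2>/dev/null
  openssl req -x509 -new -key "$1/rsa.key" -subj "$subj" -days 1 \
    -out "$1/rsa.crt" 2>/dev/null
  openssl dsaparam -out "$1/dsa.param" 2048 2>/dev/null
  openssl gendsa -out "$1/dsa.key" "$1/dsa.param" 2>/dev/null
  openssl req -x509 -new -key "$1/dsa.key" -subj "$subj" -days 1 \
    -out "$1/dsa.crt" 2>/dev/null
}
```

Run `check_cert` against the certificate file that slapd or the IMAP server is configured to present; a return code of 1 means the key type matches the failure described in the reply.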