Honored Contributor.

Certificate issues with new iOS

Hello,

I have not had any issues with GMS and setting this up on anybody's iPhone until the latest 10.3.3 update. We have GMS 14.2.1 Build 270. When I try to set up email sync on a user's iPhone now it says that it cannot verify the Certificate. It is self signed so I know why it is getting that. In the past I manually downloaded the Cert and imported into the phone and all worked well. Now I get it downloaded and imported/installed on the iPhone and it says "Verified" under the profile and I have it enabled under the Certificate trust settings. After doing this if I try to set up email sync again, it still says it cannot verify and it brings up the profile but it says "not Verified" for some reason and does not allow me to trust or allow this cert. As a test I removed the Email account from my iPhone and removed my device from the GMS admin console under my name. I then upgraded my iPhone to the 10.3.3 version. I then went and was able to successfully add my email account to the iPhone. I did not have to add any profiles (nothing is under the profile section) or enable any profiles under the Certificate Trust settings. Now I am really confused.

Does anyone have any ideas or what I could try?

Thanks,
Andy
Knowledge Partner

Re: Certificate issues with new iOS

Acshearer,
> Does anyone have any ideas or what I could try?


FWIW. Buy a certificate 🙂 You can spend hours and hours trying to get
selfsigneds to work with all devices and still not succeed.

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
https://www.novell.com/products/enhancement-request.html

Absent Member.

Re: Certificate issues with new iOS

+1. The last service certificates I purchased were something like
$12USD/year. It is quite literally not worth the time to try and make
self signed certs work when they can be had so inexpensively.

I'm sure a supervisor would be ok with that expenditure vs. spending an
hour+ on each device type to try and work out the self signed imports.


On 9/5/2017 1:21 PM, Anders Gustafsson wrote:
> Acshearer,
>> Does anyone have any ideas or what I could try?
>
> FWIW. Buy a certificate 🙂 You can spend hours and hours trying to get
> selfsigneds to work with all devices and still not succeed.
>


Knowledge Partner

Re: Certificate issues with new iOS

Unsigned,
> +1. The last service certificates I purchased were something like
> $12USD/year. It is quite literally not worth the time to try and make
> self signed certs work when they can be had so inexpensively.


Well, it depends on where you buy. If you want a certificate without
hassle and a vendor that does decent support, then a standard SSL cert
is 175$. That goes down to 139$/year if you buy three years.

Given the fact that a skilled IT-professional probably costs his
employer 100$/hour or more... I'd say buy a cert.

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
https://www.novell.com/products/enhancement-request.html

Knowledge Partner

Re: Certificate issues with new iOS

AndersG;2465595 wrote:
> Acshearer,
>> Does anyone have any ideas or what I could try?
>
> FWIW. Buy a certificate 🙂 You can spend hours and hours trying to get
> selfsigneds to work with all devices and still not succeed.
>
> --
> Anders Gustafsson (NKP)
> The Aaland Islands (N60 E20)
>
> Have an idea for a product enhancement? Please visit:
> https://www.novell.com/products/enhancement-request.html


Or use the free Let's Encrypt cert. Seems to work according to this thread: https://forums.novell.com/showthread.php/502375-LetsEncrypt-setup

Thomas
Honored Contributor.

Re: Certificate issues with new iOS

Thank you all for the information. I will just purchase a Signed cert if that will make it easier, that is not an issue. We usually buy ours from Thawte so I will just do that. Once I purchase the cert and get that installed how will that affect the current users that are syncing with the GMS? Will I have to do anything to their phones, such as re-connect them or anything else? Just wanted to be prepared.

Thanks,
Andrew
Knowledge Partner

Re: Certificate issues with new iOS

Acshearer,
> We usually buy ours
> from Thawte so I will just do that.


Sounds like a plan.

> Once I purchase the cert and get
> that installed how will that affect the current users that are syncing
> with the GMS? Will I have to do anything to their phones, such as
> re-connect them or anything else? Just wanted to be prepared.


Nope, it should be transparent.

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
https://www.novell.com/products/enhancement-request.html

Honored Contributor.

Re: Certificate issues with new iOS

Thanks for all the help.
Andrew
Absent Member.

Re: Certificate issues with new iOS

Oh totally. I've purchased from 'the guys' that everyone likes with
great support and the experience was good. I also feel like there are
only so many reasonable ways to use a cert that a smaller IT shop will
come across and these are well documented on the internet. Reputable
CAs or re-sellers allow for multiple re-issues, and have their roots
widely distributed, which are about the only major concerns.

At the end of the day, the $12 cert provides the exact same
functionality as the $175 or $500 one. There can be some differences in
the CRL server responsiveness or the vetting process of the issuer, and
maybe one could argue these can be important depending on the expected
traffic or business type. However once plugged into say, a web server,
the key material works in concert with the available crypto libraries
and a trusted RSA/SHA2 cert works the same as any other trusted RSA/SHA2
cert.

Not that this is relevant for GMS, but the same for EV/GreenBar. It's
simply a field in the cert that the browsers look for to change a
display. There is zero difference in the crypto technology provided.

On 9/6/2017 12:53 AM, Anders Gustafsson wrote:
>
> Well, it depends on where you buy. If you want a certificate without
> hassle and a vendor that does decent support, then a standard SSL cert
> is 175$. That goes down to 139$/year if you buy three years.
>
> Given the fact that a skilled IT-professional probably costs his
> employer 100$/hour or more... I'd say buy a cert.
>


Honored Contributor.

Re: Certificate issues with new iOS

Hello,

I am getting ready to purchase the cert from Thawte. For the GMS and Webaccess Thawte has the option for Apache or Tomcat. Do I do the cert for Apache or Tomcat?
Thanks,
Andrew
Knowledge Partner

Re: Certificate issues with new iOS

Acshearer,
> I am getting ready to purchase the cert from Thawte. For the GMS and
> Webaccess Thawte has the option for Apache or Tomcat. Do I do the cert
> for Apache or Tomcat?
> Thanks,
> Andrew


You should have the option to select either when downloading. IIRC Tomcat, but FWIW certs are just text files anyway. See:

https://www.novell.com/communities/coolsolutions/groupwise-mobility-figuring-out-certificates/

--
Anders Gustafsson (NKP)
The Aaland Islands (N60 E20)

Have an idea for a product enhancement? Please visit:
https://www.novell.com/products/enhancement-request.html

Honored Contributor.

Re: Certificate issues with new iOS

Thank you, I appreciate it.
Andrew