02-10-2011 07:25 AM
Hello,
I have some iPhones in my company and they connect to the VPN through an ASA (version 8.0.4). The VPN connection uses a certificate to validate that the device can connect.
All my devices used the ASA IP address to connect. I decided to change that and use a name to connect (DNS resolution is done by the ISP), I generated a new certificate and made a new VPN connection profile. My PC and MacBook Pro can connect using the new connection, but my iPhone displays the message: "Could not validate certificate". I've checked all the configuration and can't find the difference between my two connection profiles.
If you have any ideas so that the iPhone can connect, please suggest them.
Thanks a lot,
Mathieu GEFFROY
02-16-2011 10:45 AM
Mathieu,
It pretty much depends on how you are doing authentication of the ASA. Does the ASA have a certificate from a local certificate authority? Did you just update a self-signed certificate on it?
You might want to just export the cert from the ASA and push it down to the phone by installing a profile that has the new ASA cert included.
-Jay
02-17-2011 12:37 AM
Thanks for your reply Jay,
The ASA has a certificate from a local authority, a Microsoft authority to be precise.
The iPhone has the root certificate and the intermediate certificate (the server that delivers the ASA certificate) installed.
You tell me I have to install the ASA certificate on the iPhone, but this certificate includes the private key of the ASA.
I will try to export the certificate and then install it on the iPhone.
Regards,
Mathieu