CB90021204
Beginner

iPhones not trusting thawte cert chain

Hello,

We have installed a public Thawte cert on Cisco ACS for our Mobile wireless network. I have also installed the Thawte SSL CA - G2 and Thawte Primary Root CA certificate authorities on ACS.

When connecting to the management interface of the ACS server (since trusted for EAP and management), IE and Chrome trust the cert chain; however, when attempting to connect my iPhone to the wireless network, the iPhone doesn't trust the cert. We are following the iPhone recommended root CAs https://support.apple.com/en-au/HT205205. I also found this bug regarding the Thawte Primary Root CA G3, therefore not using the G3 root cert http://serverfault.com/questions/630925/os-x-not-trusting-thawte-primary-root-ca-g3.

Has anyone had any experience with this? Doesn't anyone use a combination of Thawte certs that are trusted by iPhones? If iPhones don't work well with Thawte certs, are there other certs that iPhones do like?

Thanks

1 REPLY
Ric Beeching
Rising star

I've had issues with this using GeoTrust G2/G3 certificates because the certificate wasn't immediately signed by the root but was a chain from an intermediate CA that wasn't in Apple's trusted list. From what I can tell, the browsers won't have an issue with it but the actual device will during 802.1X authentication.


Cheers,

Ric

-----------------------------
Please rate helpful / correct posts
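
The failure described in the reply can be reproduced offline with a throwaway PKI. This is an added example, not part of the thread: it uses the `openssl` CLI, and the CA names and the host name `acs.example.test` are constructed. It assumes a client that trusts only the root and can use only the certificates handed to it, as a supplicant must during 802.1X authentication before it has network access.

```shell
#!/usr/bin/env bash
# Constructed throwaway PKI (all names made up): root -> intermediate -> server leaf.
set -eu
make_pki() {  # $1 = empty working directory
  local d=$1
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
[dn]
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
extendedKeyUsage = serverAuth
EOF
  openssl req -x509 -config "$d/pki.cnf" -extensions ca -newkey rsa:2048 -nodes \
    -days 2 -subj "/CN=Constructed Root CA" \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null
  issue "$d" int  "Constructed Intermediate CA" root ca   2
  issue "$d" leaf "acs.example.test"            int  leaf 3
}

issue() {  # dir, name, CN, signer name, extension section, serial
  openssl req -new -config "$1/pki.cnf" -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
    -set_serial "$6" -days 2 -extfile "$1/pki.cnf" -extensions "$5" \
    -out "$1/$2.pem" 2>/dev/null
}

# Validate the leaf as a client that trusts only the root would.
# $3 (optional) = intermediates the server sent alongside its certificate.
client_accepts() {  # root.pem, leaf.pem, [intermediates.pem]
  if [ $# -ge 3 ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

demo() {
  local d; d=$(mktemp -d)
  make_pki "$d"
  client_accepts "$d/root.pem" "$d/leaf.pem" \
    && echo "leaf only: accepted" || echo "leaf only: rejected (issuer not found)"
  client_accepts "$d/root.pem" "$d/leaf.pem" "$d/int.pem" \
    && echo "leaf + intermediate: accepted" || echo "leaf + intermediate: rejected"
  rm -rf "$d"
}
demo
```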