
iPhones not trusting thawte cert chain

CB90021204
Level 1

Hello,

We have installed a public Thawte cert on Cisco ACS for our Mobile wireless network. I have also installed the Thawte SSL CA - G2 and Thawte Primary Root CA certificate authorities on ACS.

When connecting to the management interface of the ACS server (since it is trusted for EAP and management), IE and Chrome trust the cert chain; however, when attempting to connect my iPhone to the wireless network, the iPhone doesn't trust the cert. We are following the iPhone recommended root CAs: https://support.apple.com/en-au/HT205205. I also found this bug regarding the Thawte Primary Root CA G3, and am therefore not using the G3 root cert: http://serverfault.com/questions/630925/os-x-not-trusting-thawte-primary-root-ca-g3.

Has anyone had any experience with this? Doesn't anyone use a combination of Thawte certs that are trusted by iPhones? If iPhones don't work well with Thawte certs, are there other certs that iPhones do like?

Thanks

1 Reply

Ric Beeching
Level 7

I've had issues with this using GeoTrust G2/G3 certificates because the certificate wasn't immediately signed by the root but was a chain from an intermediate CA that wasn't in Apple's trusted list. From what I can tell the browsers won't have an issue with it but the actual device will during 802.1X authentication.


Cheers,

Ric

-----------------------------
Please rate helpful / correct posts
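
The chain problem described in the reply above can be reproduced offline with `openssl verify`. This is an added example, not code from the thread or from Cisco or Apple: it builds a constructed root, intermediate and server certificate (all names hypothetical) and checks whether a path to the trusted root can be built with and without the intermediate. It assumes the client validates using only its trust store plus whatever certificates the server sends.

```shell
#!/usr/bin/env bash
# Added example: constructed demo PKI (root -> intermediate -> server leaf).
# All names and files are hypothetical; nothing here is a Thawte or Apple cert.
set -eu
DEMO_DIR=$(mktemp -d)
trap 'rm -rf "$DEMO_DIR"' EXIT

# Extensions that mark a certificate as a CA.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' \
  > "$DEMO_DIR/ca.ext"

new_csr() {  # new_csr <name> <common name>: key pair plus signing request
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$DEMO_DIR/$1.key" -out "$DEMO_DIR/$1.csr" 2>/dev/null
}

new_csr root "Demo Root CA"
openssl x509 -req -in "$DEMO_DIR/root.csr" -signkey "$DEMO_DIR/root.key" \
  -days 30 -extfile "$DEMO_DIR/ca.ext" -out "$DEMO_DIR/root.pem" 2>/dev/null

new_csr int "Demo Intermediate CA"
openssl x509 -req -in "$DEMO_DIR/int.csr" -CA "$DEMO_DIR/root.pem" \
  -CAkey "$DEMO_DIR/root.key" -set_serial 2 -days 30 \
  -extfile "$DEMO_DIR/ca.ext" -out "$DEMO_DIR/int.pem" 2>/dev/null

new_csr leaf "acs.example.test"
openssl x509 -req -in "$DEMO_DIR/leaf.csr" -CA "$DEMO_DIR/int.pem" \
  -CAkey "$DEMO_DIR/int.key" -set_serial 3 -days 30 \
  -out "$DEMO_DIR/leaf.pem" 2>/dev/null

# chain_ok <trusted CA file> <leaf> [intermediates the server sends]
# Succeeds only if a path from the leaf to a trusted CA can be built.
chain_ok() {
  if [ -n "${3:-}" ]; then
    out=$(openssl verify -CAfile "$1" -untrusted "$3" "$2" 2>&1) || true
  else
    out=$(openssl verify -CAfile "$1" "$2" 2>&1) || true
  fi
  printf '%s\n' "$out" | grep -q ': OK$'
}

if chain_ok "$DEMO_DIR/root.pem" "$DEMO_DIR/leaf.pem"; then
  echo "leaf only: trusted"; else echo "leaf only: NOT trusted"; fi
if chain_ok "$DEMO_DIR/root.pem" "$DEMO_DIR/leaf.pem" "$DEMO_DIR/int.pem"; then
  echo "leaf + intermediate: trusted"; else echo "leaf + intermediate: NOT trusted"; fi
```

To run the same check on real files, pass the root the device trusts as the first argument and the intermediate(s) exported from the server as the third.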