I’m using a virtual private server running Ubuntu 22.04. On the VPS, I’m using an Apache web server to serve content like, for example, a wiki.
To make sure only I can access the content, I’ve configured Apache to expect clients to authenticate themselves via client certificates.
I used OpenSSL on the Ubuntu server to create a CA and then create the client certificate with that. The client certificate is using an export password.
I can install and use the resulting client certificate without problems on Firefox on Windows 10 and on my Android phone in Chrome. So, both the certificate as well as the password seem to work fine in principle. However, the same certificate with the same export password will fail to install on my iPad, claiming the password is incorrect.
How I created the CA
I’ve used these OpenSSL commands to create the CA key and certificate:
Note: While looking for a solution for this problem, I found this post suggesting that iOS cannot handle certificates created with OpenSSL 3.x. Because of this, I’ve used OpenSSL 1.1.1 for the commands below.
openssl genrsa -aes256 -out ca.key
openssl req -x509 -new -nodes -key ca.key -sha512 -days 365 -out ca.crt
How I created the client certificate
These are the OpenSSL commands I used to create the client certificate:
openssl req -newkey rsa:2048 -days 365 -nodes -keyout client-key.pem > client-request.pem
openssl x509 -req -in client-request.pem -days 365 -CA ca.crt -CAkey ca.key -set_serial 01 > client-cert01.pem
The client key has a password assigned to it.
I then convert them to a .pfx file like this:
openssl pkcs12 -export -in client-cert01.pem -inkey client-key.pem -out client-cert01.pfx
The .pfx file has an export password assigned to it.
As mentioned, the resulting .pfx file is working on Firefox on Windows and Chrome on Android, but if I try to install the same .pfx file on my iPad with the same password, then iOS will reject the password.
The client certificate shown as an identity in my iOS settings screen. Entering the password has failed.
I’ve tried generating the certificates and keys both with OpenSSL 3 as well as OpenSSL 1.1.1, I’ve tried exporting the certificate to .p12 format (although I am not sure that makes a big difference), I’ve also tried creating the certificate request on a Mac Mini instead of the Linux server itself. However, none of that had any effect.
Does anyone know what the problem might be or what I might be missing?
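
A check that helps narrow this down, added here as an example and not part of the original post: OpenSSL 3.x writes PKCS#12 files with PBES2/AES-256-CBC and a SHA-256 MAC by default, while 1.1.1 writes SHA-1 based RC2/3DES encryption with a SHA-1 MAC, so inspecting the .pfx shows which defaults actually produced it. The function names, the `P12_PASS` variable and the two sample outputs are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): report whether a PKCS#12 file
# uses OpenSSL 1.1.1-style or OpenSSL 3.x-style default protection.
# Function names, P12_PASS and the sample outputs are constructed.

# Classify `openssl pkcs12 -info -noout` output read from stdin.
# Prints one of: legacy, modern, mixed, unknown.
classify_p12_info() (
  legacy=0; modern=0
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in
      "MAC: sha1,"*)        legacy=1 ;;  # SHA-1 integrity MAC
      "MAC: "*)             modern=1 ;;  # any other digest, e.g. sha256
      *": pbeWithSHA1And"*) legacy=1 ;;  # PKCS#12 PBE with RC2-40 or 3DES
      *": PBES2,"*)         modern=1 ;;  # PBKDF2 + AES
    esac
  done
  case "$legacy$modern" in
    10) echo legacy ;;
    01) echo modern ;;
    11) echo mixed ;;
    *)  echo unknown ;;
  esac
)

# Inspect a real file. The export password is read from the P12_PASS
# environment variable (assumed name). openssl prints the summary on stderr.
inspect_p12() {
  openssl pkcs12 -info -noout -in "$1" -passin env:P12_PASS 2>&1 | classify_p12_info
}

# Constructed sample: -info summary of a file written with OpenSSL 3.x defaults.
SAMPLE_OPENSSL3='MAC: sha256, Iteration 2048
MAC length: 32, salt length: 8
PKCS7 Encrypted data: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256
Certificate bag
PKCS7 Data
Shrouded Keybag: PBES2, PBKDF2, AES-256-CBC, Iteration 2048, PRF hmacWithSHA256'

# Constructed sample: -info summary of a file written with OpenSSL 1.1.1 defaults.
SAMPLE_OPENSSL111='MAC: sha1, Iteration 2048
MAC length: 20, salt length: 8
PKCS7 Encrypted data: pbeWithSHA1And40BitRC2-CBC, Iteration 2048
Certificate bag
PKCS7 Data
Shrouded Keybag: pbeWithSHA1And3-KeyTripleDES-CBC, Iteration 2048'

if [ "$#" -gt 0 ]; then inspect_p12 "$1"; fi
```

A result of `modern` means the file was written with 3.x defaults regardless of which binary was intended; with OpenSSL 3.x, the `-legacy` option of `openssl pkcs12 -export` selects the older algorithms.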