SSL certificates with custom CA not verified

Hi all.
I am trying to set up MS Dynamics CRM 2016 moblie application on 2 devices: Android and IOs. I have a deployment configuration ADFS + MS CRM, and It works correctly.

I made 3 certificates in openssl. My custom certification authority, and 2 child certificates, signed by this CA, all with private keys.
Certificates are generated following by step 5 of this manual
https://blog.httpwatch.com/2013/12/12/five-tips-for-using-self-signed-ssl-certificates-with-ios/

All certificates are installed on mobile devices.


I successed with setiing mobile app on Android device - it started and connected to my server through ADFS.


But when I am installing my child sertificates on Apple device, I have the problem:

1. I installed CA certificate on IOS device and it is verified.

2. I tried to install my child certificates - but IOs showed me "the profile is not signed"

3. I cannot even open web client by url at IOs device browser without SSL certificate issue, at the same time I successfully can open it from android browser or windows desktop.

4. Finally I cannot connect MS Dynamics CRM Mobile application from IOs, because "the server doesn't have trusted SSL certificate"


What can be the problem? What am I doing wrong?

Thank you. With regards, Yuriy.

Accepted Reply

I dont know the reason exactly.
But when I created real Certification Authority on my server, and started to use the same deployment with real CA and it's certificates - it works.

For completely review I need to compare two CA certificates to get to the reason.

Replies

The problem is still actual.
Will be glad to any advices.
Can attach my created certificates, maybe I did something wrong in certificate genreation.


Thank you.
With regards, Yuriy.

You might have more luck asking your question over in the Apple Support Communities, run by AppleCare, and specifically one of the In Business and Education topic areas. The folks over there have more experience with issues like this.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I dont know the reason exactly.
But when I created real Certification Authority on my server, and started to use the same deployment with real CA and it's certificates - it works.

For completely review I need to compare two CA certificates to get to the reason.