This discussion is archived
27368 Views 56 Replies Latest reply: Jun 30, 2010 7:40 PM by froowstie
Currently Being ModeratedJun 18, 2009 10:38 AM (in response to Sam777)I have the same problem. My identity certificates under «settings -> profiles» are empty, but
visible in the «VPN -> IPSec» settings... ???
Currently Being ModeratedJun 18, 2009 1:15 PM (in response to patbu)Yes exactly. I hadn't noticed that they were visible under IPSec>settings.iPhone OS 3.0
Currently Being ModeratedJun 18, 2009 8:45 PM (in response to Sam777)Same issue here. The certificate details are blank. Same certificate worked fine before the upgrade.iPhone 3g, iPhone OS 3.0
Currently Being ModeratedJun 19, 2009 1:22 AM (in response to Sam777)And us as well. We had a perfectly working cert that after upgrading to 3.0 OR installing fresh (on a restored phone) install, but then seems blank; the sync it supported (SSL to Exchange) no longer works!
I assume no-one has found a fix / workaround yet?!
DanMac Pro Nehalem 2.93, 16GB, GTX 285, MacBook Pro 2.8, 4GB, Mac OS X (10.5.7)
Currently Being ModeratedJun 19, 2009 5:14 AM (in response to dosers)I figured this out last night, it appears apple changed the way the Certificates are done with Exchange. Download iPhone Configuration Utility 2.0, on the Exchange screen attach the cert. The cert then gets put in the Profiles as a Exchange Account. The same profile that would show no details previously now shows the details.
Very frustrating that Apple couldn't have a smoother migration for upgrade for Corporate customers. They treat corporate customers like retail users . . . the fact that enterprises can't test prior to the release of software is what prevents iPhone from replacing Blackberry in the enterprise.Dell, iPhone OS 3.0
Currently Being ModeratedJun 19, 2009 9:20 AM (in response to mpusateri)To be clear, one still cannot import a functional personal identity certificate even using the iPhone Configuration Utility 2.0 on the Credentials option for Configuration Profiles. You still get a blank certificate. You CAN install an Exchange Certificate using the utility under Credential Name, and this might work for those that terminate SSL on their Active Sync server; however, if you terminate your SSL on a F5 appliance, you can't authenticate since the cert imported with the utility isn't passed to the Exchange Web server in this configuration. We use client certificates for various authentication scenarios and iPhone 3.0 software breaks client certificates. I've tried every format that the iPhone supports and none of them result in a usable identity certificate. Our users are unable to upgrade to 3.0 until this is fixed.3G, iPhone OS 3.0
Currently Being ModeratedJun 19, 2009 12:01 PM (in response to dorkeadus)I'm just posting to add fuel to this fire...I am having the same problems discussed in this thread. ActiveSync authentication no longer works when it requires a client side certificate and the user certificate shows up blank under the installed profile.
What's up with removing the domain, username and password fields also?IBM, Windows XP Pro
Currently Being ModeratedJun 19, 2009 1:08 PM (in response to Corporate Guy)The domain/user/password fields will be blank if you use the certificate option at the bottom of the Exchange field using the configuration tool. You would need to have your exchange server setup to allow pure certificate authentication. Most people just use a cert for the SSL aspect of the authentication and still pass a user/domain/password to the Active Sync server. I suspect you used the configuration tool instead of simply importing the certificate via gmail or some such.
If we remove the requirement for a client certificate from our SSL proxy, the iPhone can log in and start doing email. The problem is with the individual certificate store on a 3G iphone upgraded to 3.0 I do not yet have a 3G-S phone or a first gen phone to test the same functionality.
Hopefully Apple will release a patch soon-ly.3G, iPhone OS 3.0
Currently Being ModeratedJun 19, 2009 2:14 PM (in response to dorkeadus)Poor etiquette to reply to my own post, but a user just stopped by with their new 3G-S phone and I tried to import a personal identity cert and it has the same problem: the certificate is blank and cannot be used for authentication. Apparently certs weren't tested with the 3.0 iPhone...seems like a pretty large oversight.
Currently Being ModeratedJun 19, 2009 2:42 PM (in response to dorkeadus)I've tried to install Identity Certificates on first gen iPhones with OS 3.0 and they also have the blank Certificate issue.
One a side now, does anyone know what's the best way to flag this so Apple starts to work on the issue?iPhone OS 3.0
Currently Being ModeratedJun 19, 2009 4:10 PM (in response to Sam777)Sorry I am a noob. Where can I get the certificate from? I downloaded the config tool, but don't know how to put the file on my phone (or where to find it)...Blackbook, Mac OS X (10.5.4), iPhone 3GS | aTV 40GB
Currently Being ModeratedJun 21, 2009 2:48 PM (in response to Sam777)I can also confirm that I have this issue on a new 3G S. Really annoying, as I need to be able to log in to my corporate web sites that require client certs for authentication.
Is there a way to flag this to Apple? If someone can let me know then I'm happy to add my name to the list!3G S, iPhone OS 3.0
Currently Being ModeratedJun 22, 2009 7:43 AM (in response to biskyt)Same problem here! HELP!!!! - does anyone know if apple has flagged this as an issue that will get resolved with a patch?iPhone OS 3.0
Currently Being ModeratedJun 23, 2009 2:39 AM (in response to Sam777)I am new on this forum. I am curious to know if Apple is reading this support thread and will answer the certificate question.
I have checked with my company ISA server and obviously traces are showing that the user certificate is not sent from the iPhone to the ISA server therefore refusing the connection.
As mentionned in the top message of this discussion, the certificate that was working properly before the upgrade from 2.2.1 to 3.0 is not readable anymore when looking to detail window of the certificate. So the issue seems to be related to certificate attribute's content or missing attributes inside the certificate. I have tried to reload the certificate:
1/ using a pop email account, then the certifcate appeared as unsigned and with blank details (no issuer and no expiration date).
2/ using the iPhone configuration utility 2.0, then the certificate appeared as verified (and not unsigned as before) but with blank details.
- Is anyone know what are the changes that have occurred in the identity certificate management with version 3.0?
- Do you know about certificate that works for exchange synchronization with version 3.0?
Many thanks for your help.iPhone, iPhone OS 3.0