Skip navigation
This discussion is archived

Identity Certificate not installing properly on OS 3.0

27324 Views 56 Replies Latest reply: Jun 30, 2010 7:40 PM by froowstie RSS
1 2 3 4 Previous Next
Sam777 Calculating status...
Currently Being Moderated
Jun 18, 2009 8:21 AM
Having issues installing p12 identity certificate on OS 3.0. Same exact identity certificate installs fine on OS 2.2. I am also able to import the certificate using Firefox and Internet Explorer.

When installing the certificate on OS 3.0, the install seems to go through. But when I open the identity certificate under General>Profiles and look in More Details, the certificate is blank. Using the iPhone Configuration Utility to monitor the device console, I noticed the following error "Error (-25300) while trying to retrieve an identity certificate's details".
iPhone OS 3.0
  • patbu Calculating status...
    Currently Being Moderated
    Jun 18, 2009 10:38 AM (in response to Sam777)
    I have the same problem. My identity certificates under «settings -> profiles» are empty, but
    visible in the «VPN -> IPSec» settings... ???
  • iamcoh Calculating status...
    Same issue here. The certificate details are blank. Same certificate worked fine before the upgrade.
    iPhone 3g, iPhone OS 3.0
  • dosers Level 2 Level 2 (390 points)
    And us as well. We had a perfectly working cert that after upgrading to 3.0 OR installing fresh (on a restored phone) install, but then seems blank; the sync it supported (SSL to Exchange) no longer works!
    I assume no-one has found a fix / workaround yet?!

    Mac Pro Nehalem 2.93, 16GB, GTX 285, MacBook Pro 2.8, 4GB, Mac OS X (10.5.7)
  • mpusateri Level 1 Level 1 (0 points)
    I figured this out last night, it appears apple changed the way the Certificates are done with Exchange. Download iPhone Configuration Utility 2.0, on the Exchange screen attach the cert. The cert then gets put in the Profiles as a Exchange Account. The same profile that would show no details previously now shows the details.

    Very frustrating that Apple couldn't have a smoother migration for upgrade for Corporate customers. They treat corporate customers like retail users . . . the fact that enterprises can't test prior to the release of software is what prevents iPhone from replacing Blackberry in the enterprise.
    Dell, iPhone OS 3.0
  • dorkeadus Calculating status...
    To be clear, one still cannot import a functional personal identity certificate even using the iPhone Configuration Utility 2.0 on the Credentials option for Configuration Profiles. You still get a blank certificate. You CAN install an Exchange Certificate using the utility under Credential Name, and this might work for those that terminate SSL on their Active Sync server; however, if you terminate your SSL on a F5 appliance, you can't authenticate since the cert imported with the utility isn't passed to the Exchange Web server in this configuration. We use client certificates for various authentication scenarios and iPhone 3.0 software breaks client certificates. I've tried every format that the iPhone supports and none of them result in a usable identity certificate. Our users are unable to upgrade to 3.0 until this is fixed.
    3G, iPhone OS 3.0
  • Corporate Guy Calculating status...
    I'm just posting to add fuel to this fire...I am having the same problems discussed in this thread. ActiveSync authentication no longer works when it requires a client side certificate and the user certificate shows up blank under the installed profile.

    What's up with removing the domain, username and password fields also?
    IBM, Windows XP Pro
  • dorkeadus Level 1 Level 1 (0 points)
    The domain/user/password fields will be blank if you use the certificate option at the bottom of the Exchange field using the configuration tool. You would need to have your exchange server setup to allow pure certificate authentication. Most people just use a cert for the SSL aspect of the authentication and still pass a user/domain/password to the Active Sync server. I suspect you used the configuration tool instead of simply importing the certificate via gmail or some such.

    If we remove the requirement for a client certificate from our SSL proxy, the iPhone can log in and start doing email. The problem is with the individual certificate store on a 3G iphone upgraded to 3.0 I do not yet have a 3G-S phone or a first gen phone to test the same functionality.

    Hopefully Apple will release a patch soon-ly.
    3G, iPhone OS 3.0
  • dorkeadus Level 1 Level 1 (0 points)
    Poor etiquette to reply to my own post, but a user just stopped by with their new 3G-S phone and I tried to import a personal identity cert and it has the same problem: the certificate is blank and cannot be used for authentication. Apparently certs weren't tested with the 3.0 iPhone...seems like a pretty large oversight.
  • Adam Jones Calculating status...
    Sorry I am a noob. Where can I get the certificate from? I downloaded the config tool, but don't know how to put the file on my phone (or where to find it)...
    Blackbook, Mac OS X (10.5.4), iPhone 3GS | aTV 40GB
  • biskyt Level 1 Level 1 (0 points)
    I can also confirm that I have this issue on a new 3G S. Really annoying, as I need to be able to log in to my corporate web sites that require client certs for authentication.

    Is there a way to flag this to Apple? If someone can let me know then I'm happy to add my name to the list!
    3G S, iPhone OS 3.0
  • ownzilla Level 1 Level 1 (0 points)
    Same problem here! HELP!!!! - does anyone know if apple has flagged this as an issue that will get resolved with a patch?
    iPhone OS 3.0
  • mdawance Calculating status...
    I am new on this forum. I am curious to know if Apple is reading this support thread and will answer the certificate question.

    I have checked with my company ISA server and obviously traces are showing that the user certificate is not sent from the iPhone to the ISA server therefore refusing the connection.

    As mentionned in the top message of this discussion, the certificate that was working properly before the upgrade from 2.2.1 to 3.0 is not readable anymore when looking to detail window of the certificate. So the issue seems to be related to certificate attribute's content or missing attributes inside the certificate. I have tried to reload the certificate:

    1/ using a pop email account, then the certifcate appeared as unsigned and with blank details (no issuer and no expiration date).

    2/ using the iPhone configuration utility 2.0, then the certificate appeared as verified (and not unsigned as before) but with blank details.

    - Is anyone know what are the changes that have occurred in the identity certificate management with version 3.0?

    - Do you know about certificate that works for exchange synchronization with version 3.0?

    Many thanks for your help.
    iPhone, iPhone OS 3.0
1 2 3 4 Previous Next


More Like This

  • Retrieving data ...

Bookmarked By (0)


  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.