Lion Server: iOS 5 clients can't connect to Address Card Server

I have set up shared accounts on the server for Calendar and Address Book (family) sharing. Although I can add and use the Address Book shared account on OS X Lion clients, I can't get this to work on iOS 5 clients (iPhone nor iPad). I keep on getting "CardDAV account verification failed".

Calendar sharing works just fine on both OS X and iOS5 clients

Let me briefly describe my setup and observations:

Server:

• Running Lion Server 10.7.2 on Mac Mini (server)
• Using SSL connections with keys generated during set-up of the server
• Portforwarding in router (ao) for 8008 and 8843 (iCal and Address Book)
• Created shared accounts on server for Calendar ("sharedcalendar") and Address Book ("sharedcontacts")
• In the DNS server I created services in my primary zone for "_caldavs._tcp." and "_carddavs._tcp." both on port 8443

OS X Client (Calendar)

• Created additional CalDAV account in preferences (user "sharedcalendar")
• Left the server settings untouched (server path, port "auto" and using SSL but not Kerberos)
• Created in "sharedcalendar" different calendars and reminder lists for the family members which each can access from their OS X client
• This account is now set-up through Profile Manager (tried this with Address Book as well but didn't make any difference)

iOS 5 Client (Calendar)

• Once tested on standalone and got this working I'm now using the Profile Manager to push the definition of the shared account to all clients
• Hostname with port 8443 (default)
• Left Principal URL blank since it was optional
• User "shared calendar" with the appropriate password
• Ticked "Use SSL"

OS X client (Address Book)

• Created additional CardDAV account in preferences (user "sharedcontacts").
• Left the server settings untouched (port 443 using SSL)

iOS 5 client (Address Book)

• In the settings add a CardDAV account (server, user "sharedcontacts", password, description).
• First error message "Cannot connect Using SSL. Do you want to try setting up the account without SSL?". When I press continue I get the error "CardDAV account verification failed"
• If I then save the account details still and edit the account I can access the "advanced settings". When I change to SSL I have tried port 0 (default value), 8443 (the one that's listed in the documentation) and 8843 (which is used by default if you try to set up the
• account in Profile Manager). All to no avail, including Profile Manager

Observations:

• Lion Server app nicely lists both Calendar and Address Book Server as active (plus Profile Manager, File Server, Web server and Wiki server)
• When I access my server home page, Calendar is listed in addition to other services (Mail | Calendar | Change Password | Profile Manager) but not Address Book. Is this normal behaviour? i.e. can't Address Book entries be changed through a web interface?
• Address Book on OS X client uses 443 for SSL but does not require me to define port 8443 for secure iCal or Address Book server communications
• Lion Server Profile Manager specifies port 8843 as port for SSL communication. I only saw 8443 listed in documentation
• The response "can't connect .." or "account verification failed" happens very quick which make me think either the verification doesn't even leave the iPad or there is something wrong in the SSL connection
• Since iCal set-up works nicely using the same ports I am puzzled why it doesn't work for Address Book

Your solutions or suggestions how to investigate are most welcome,

Erik