Should I have to explicitly install CA certs that are already preinstalled in iOS?

Hi all,
I'm trying to understand how iOS deals with certificates and I'm wondering if anyone can explain a few things to me. I'm working on a system that would provide users with a personal identification certificate for authentication to various services (email, Wi-Fi, websites, etc.) via a configuration profile. Profile creation isn't a problem, but in testing website authentication, it seems that iOS (or Mobile Safari) requires me to provide the CA certificates that should already be on the device.
Here is the certificate chain that my colleague provides me with when I get the user's cert:
AddTrust External CA Root
↳ UTN-USERFirst-Client Authentication and Email
    ↳ InCommon Standard Assurance Client CA
       ↳ User's personal certificate
At first, I added the certificate as a single payload of type com.apple.security.pkcs12 with all the CA certificates in the chain included in the p12 data blob. This didn't seem to work since I'd get a warning from MobileSafari in the console log:
no itentities, but we have a challenge <NSURLAuthenticationChallenge: 0x1ddccd90>
Along with the following dialog in the browser:
This website requires a certificate
The required certificate is not installed.
Dismiss
The server's ssl_error_log reported:
Re-negotiation handshake failed: Not accepted by client!?
So I tried breaking out the certs into individual payloads. According to this article, iOS 5 and 6 has "AddTrust External CA Root" and "UTN-USERFirst-Client Authentication and Email" preinstalled and I shouldn't have to install them again. So I just included "InCommon Standard Assurance Client CA" and the user's cert as two separate payloads (of types com.apple.security.pkcs1 and com.apple.security.pkcs12 respectively), but that didn't work. I was only able to get it to work if I installed the entire cert chain (using com.apple.security.root as the payload type for the root cert).
Why is that? Shouldn't it already know about the two CAs? I can understand adding the "InCommon" CA since it's not preinstalled, but It seems strange that I have to explicitly provide the other CA certs.
FWIW, I've found out that there are at least three versions of "UTN-USERFirst-Client Authentication and Email":
Intermediate CA (expires Saturday, May 30, 2020 6:48:38 AM EDT)
Intermediate CA (expires Sunday, December 31, 2028 6:59:59 PM EDT)
Root CA (expires Tuesday, July 9, 2019 1:36:58 PM EDT)
The root version is the one preinstalled in iOS. When I evaluate the user's cert with the Certificate Assistant in OS X, the cert status is good no matter what chain it uses, but could this multiple CA certs thing be an/the issue?

Ariana...
so I assume there should be some track of them
Yes.
In the iTunes Store on the right under Quick Links click Purchased (new).
You'll be able to re download past purchases for free if you are a resident of the U.S., and have iTunes 10.3 or later installed.
Downloading past purchases from the App Store, iBookstore, and iTunes Store

Similar Messages

  • I have been trying to open itunes that has already been installed. But, the thing is it never opens and when i do right click and trouble shoot also, it doesnt open. I dont whats wrong with itunes and my comp is 64 bit windows 7. Can somebody please help

    I have been trying to open itunes that has already been installed. But, the thing is it never opens and when i do right click and trouble shoot also, it doesnt open. I dont whats wrong with itunes and my comp is 64 bit windows 7. Can somebody please help

    no its 64 bit version of itunes. Can you please help me. I am not able to sync my iphone.

  • HT5557 Using IBook, I can't seem to figure out how to insert a blank page inbetween pages that are already set up, like if you want to add some pictures or something.  Anyone have any tips on this?  Thanks, Mark

    Using IBook, I can't seem to figure out how to insert a blank page inbetween pages that are already set up, like if you want to add some pictures or something.  Anyone have any tips on this?  Thanks, Mark

    To enable the form to be signed in Reader you will need to open the form in Acrobat; goto Advanced>Enable Usage Rights and then save this copy of the form for sending out to the users.
    The user should then be able to edit and digitally sign the form. They can then email the signed/saved pdf as a browsed for attachment or via the email icon in the toolbar. Note - if you have created an email submit button on the form, then unless they have Acrobat they could only return an xml file.
    The other way to do this however is to create a dataset by 'distributing' the form. This time the Email Return button will send back a full version of the form. During the distribution setup you will have the option to email the form directly or to save it and send it later,so you can send to users as and when or even post it to a website or intranet.
    When you receive and open the returned form it will ask whether you want to add it to the predetermined dataset (or if you want to categorise the returns into geographical areas for example, you could create new additional datasets at this point). If the form is data heavy however, the dataset will become very large and unwieldy pretty quickly, but you can export the data from it (including signatures) in xml format and import this into an Excel spreadsheet.
    To simplify the Excel xml import process I'd recommend you carefully structure your form in the hierarchy (LiveCycle) into the order you would want the data items to appear in your spreadsheet and switch off those data items that you will not need by setting the default binding for the irrelevant fields to "None".
    Clear as mud? Hope this helps.

  • I am not sure how to install my filters that are in PSE10 into PSE11

    I have several filters that I bought and installed on PSE10.  Can I install these in the PSE11?  and how?

    I just copied the files of the plugins that I wanted to the correct PSE11 folders so that if I decide to get rid of PSE10 I don't have to worry about reinstalling anything they are already there.  And for now the plugins are working in both versions.  So, I can say I am very happy.  For the next 30 days I will try out the PSE11 and then will probably be purchasing it before my trial version expires. 

  • When iWorks for iCloud Beta become available I subscribed to it. After that I become unable to access iCloud at all as in all my devices I get messages to install it and other apps (find my phone, etc) that are already active. Anyone could help?

    When iWorks for iCloud Beta become available I subscribed to it. After that I become unable to access iCloud at all as in all my devices I get messages to install it and other apps (find my phone, etc) that are already active. Anyone could help?

    The first time an iPhone is connected to iTunes that is used to sync with another iPhone or iOS device, you are prompted to transfer the backup for the other iPhone or iOS device or to set up the iPhone as a new iPhone.
    The former does as provided - it transfers the backup for the other iPhone or iOS device to the iPhone replacing all data on the iPhone that is included with the backup being transferred. The latter does nothing allowing you to make your various selections for the iPhone sync preferences with iTunes.
    This is designed to be done right away with a new iPhone.
    If you don't have a backup for the iPhone with iTunes on your computer and don't have an iCloud backup that hasn't been updated since choosing to transfer the backup for your iPod Touch to the iPhone, the data that was on the iPhone is gone.

  • HT2729 i have recently purchased a new computer and set up my i tunes account on it. i have synced my ipad but it wont sync the films that are on the ipad already. when i go to add on some new films it tells me i will lose the films that are already on th

    Hi i have recently purchased a new pc and set up my itunes account on it - i have synced my ipad to it but it wont sync the films that are stored on the ipad. when i go to add new ones are it says it will delete the ones on the ipad and replace them with the new ones.How can i keep the films that are already on there and get them into itunes?
    I am unable to delete my itunes account on my old pc due to technical failure - could this be why?
    Hannah

    Sync Your iOS Device with a New Computer Without Losing Data
    http://www.howtogeek.com/104298/sync-your-ios-device-with-a-new-computer-without -losing-data/
    Syncing to a "New" Computer or replacing a "crashed" Hard Drive
    https://discussions.apple.com/docs/DOC-3141
     Cheers, Tom

  • I have home videos on my ipad that are no longer on my windows 7 pc and i need them back on my computer so that I can email them out (can't share from that program on ipad), how do i get them back on my pc?

    I have home videos on my ipad that are no longer on my windows 7 pc and i need them back on my computer so that I can email them out (can't share from that program on ipad), how do i get them back on my pc?

    Hey JennaPickle,
    If you want to get your personal vidoes off your iPad and onto your computer, follow the steps in this document:
    iOS: Importing personal photos and videos from iOS devices to your computer
    http://support.apple.com/kb/HT4083
    Take care,
    Delgadoh

  • HT1711 Why do I have to pay extra for something that I already bought? Shouldn't I be able to have access to my music even if its not through apple? This is ridiculous when I go to the store and buy a CD I'm not relegated to only playing it on one CD play

    Why do I have to pay extra for something that I already bought? Shouldn't I be able to have access to my music even if its not through apple? This is ridiculous when I go to the store and buy a CD I'm not relegated to only playing it on one CD player

    iTunes Plus is the name for the option in iTunes that allows customers to buy music at the iTunes Store that is free from digital rights management, or DRM.
    Digital Rights Management, or DRM, is designed to prevent unauthorized sharing of files. This especially became a big concern for the music industry after the rise of Napster, Limewire, and Kazaa.
    DRM, even the DRM used by Apple on iTunes Store content, prevented that. Apple's DRM allowed users to share files on only up to 5 computers.
    According to TUAW, the new iTunes Plus songs have information embedded in them that identifies the user who bought and shared them by name.
    This means that if you share your music and record companies want to track you down and sue for you copyright infringement, it's going to be easy.
    This may help you understand why you would need iTunes Plus - http://support.apple.com/kb/ht1711.
    It may be that Android required that type of file to be able to let it sync.  See here - http://developer.android.com/guide/appendix/media-formats.html.

  • I have nine, 1-page PDF files that are accessible and need to combine into 1 PDF file.  I have tried appending, adding and the combine PDFs process. The file created is not keeping my changes. The created file is partially accessible but I have to re-fix

    I have nine, 1-page PDF files that are accessible and need to combine into 1 PDF file.  I have tried appending, adding and the combine PDFs process. The file created is not keeping my changes. The created file is partially accessible but I have to re-fix issues I had fixed in the single files. I need suggestions on what else can be done if any. Using Acrobat pro XI.

    Out of habit, I tend to combine PDF files in the Page Thumbnails pane by right-click then "Insert Pages" -> "From File". For me, this preserves the tags from both documents, although the tags may have to be moved into the right location (if I recall correctly the tags for the inserted pages get put at the end of the tag structure, regardless of where the pages are inserted), If I first put the tags for the document to be inserted inside a container tag like Section, it makes the process easier. Moving that set of tags to the right place is the only re-fixing that I recall having to do. What behavior are you experiencing?
    a 'C' student

  • I want to establish a new and separate Apple ID from my husband's.  We have six Apple devices between us that are aleady associated with our current joint ID.How is this done?

    I want to establish a new and separate Apple ID from my husband's.  We have six Apple devices between us that are aleady associated with our current joint ID.How is this done?

    In order to have a separate 5GB of storage he would need to have his own iCloud account with a separate ID.  You can still share the same ID for iTunes; it does not need to be the same as the ID used for iCloud.
    In order to migrate his phone to a separate account, begin by saving any photo stream photos that he wants to keep on his phone to the camera roll by opening the photo stream album in the thumbnail view, tapping Edit, then tap all the photos he wants to save, tap Share and tap Save to Camera Roll. 
    Once this is done, go to Settings>iCloud on his phone, scroll to the bottom and tap Delete Account.  (This will only delete the account from this phone, not from iCloud.  Other devices still using the account will not be effected by this.)  When prompted about what to do with the iCloud data, choose Keep On My iPhone.  Next, set up a new iCloud account using a different Apple ID (if you don't have one, tap Get a Free Apple ID at the bottom).  Then turn iCloud data syncing for contacts, etc. back to On, and when prompted about merging with iCloud, choose Merge.  This will upload the data to his new account.
    Finally, if there is any merged data in the accounts you will then have to go to icloud.com on your computer and sign into each iCloud account separately and manually delete the data you don't want from each account.

  • My macbook pro keeps saying I have 450 gigabytes out of 500 that are used.  But when I look on finder there are no files that are anywhere close to that amount.  I went through and deleted files from my mac and now I only have 10 gs free

    My macbook pro keeps saying I have 450 gigabytes out of 500 that are used.  But when I look on finder there are no files that are anywhere close to that amount.  I went through and deleted files from my mac and now I only have 10 gigabytes of additional space free. My mac now says I have 440 gigs of other that is used. But does not make sense, do I have a virus?

    Since you have not identified the OS your MBP is using, these extract may or may not assist you.
    http://pondini.org/OSX/LionStorage.html
    http://pondini.org/OSX/DiskSpace.html
    You may also download from the Internet OmniDiskSweeper (free) and open it it will show all of the files on your MBP and the respective sizes.
    ciao.

  • HT4623 In my iphone currently there is ios 6.1.2 .. if i update it into 6.1.3 can i have to do repurchase or reinstall all the applications that are currently working on ios..?

    In my iphone currently there is ios 6.1.2 .. if i update it into 6.1.3 can i have to do repurchase or reinstall all the applications that are currently working on ios..?

    Perform the Update using iTunes on the computer you usually Sync and Backup to...
    See the Using iTunes Section Here...
    How to update your iPhone, iPad, or iPod touch

  • Requires me to install programs that are already installed

    I keep trying to install Google voice but it keeps asking me to install it even days after I installed it. Same with the Netflix Microsoft Silverlight that is needed to play the instant queue. Why does it ask me to install programs that are already installed. I already uninstalled them and reinstalled them but that did not work either. PLEASE HELP!

    There's a new version 5.7.1.  If you click on install, it will install the new version in lieu of 5.7.

  • We have some 3rd generations iPod touches that are note syncing with the computer we have. The original computer that the ipods was synced to is gone. We downloaded the itunes to the new computer and logged on as the same account and it won't sync.

    We have some 3rd generations iPod touches that are note syncing with the computer we have. The original computer that the ipods was synced to is gone. We downloaded the itunes to the new computer and logged on as the same account and it won't sync the applications we have.

    An iPod can pn;y sync wiht one iTunes kibrary and the new computer is a new iTunes library:
    - Transfer iTunes purchases to the computer by:
    iTunes Store: Transferring purchases from your iPhone, iPad, or iPod to a computer
    - Transfer other music by using a third-party probgram like one of those dicussed here:
    Copy music from Ipod to new computer...: Apple Support Communities
    - Connect the iPod to the computer and make a backup by right clicking on the iPod under Devices in iTunes and select Back Up
    - Restore the iPod from that backup

  • When I checked for updates to my plug-ins, there were 4 listed as out-of-date that are already installed on my computer. Is there a problem with Firefox recognizing them????

    Wondering because I am having problems with not being able to print some stuff from the web or sometimes see media. Plug-ins listed as out-of-date (but that are installed) are Adobe Reader, Quick Time, Java and Flash Player.

    If you have problems with updating or with the permissions then easiest is to download the full version and trash the currently installed version to do a clean install of the new version.
    Download a new copy of the Firefox program and save the DMG file to the desktop
    * Firefox 5.0.x: http://www.mozilla.com/en-US/firefox/all.html
    * Trash the current Firefox application to do a clean (re-)install
    * Install the new version that you have downloaded
    Your profile data is stored elsewhere in the Firefox Profile Folder, so you won't lose your bookmarks and other personal data.
    * http://kb.mozillazine.org/Profile_folder_-_Firefox

Maybe you are looking for

  • TS1814 how do i update my old iphone? into a new version

    please help me how to update my iphone

  • 9.2.0.6 jdbc driver

    Where can I get a 9.2.0.6 jdbc driver? Or does anyone know if the 9.2.0.5 jdbc driver will work for Oracle 9.2.0.6? Thanks

  • Master detail form

    Hi team, I am trying to create a Master detail form. I have two tables artist_master, pk group_code Artist_detail pk group_code. I have linked it as foreign key to Artist_master I have used the wizard to create the form. In the report page when I cli

  • Option for Drilldown in Activites Description

    Hi SAP PS Team, We would like to use activites and description which is always same for each projects which we are creating. In this, i would like to know, any option to use a drilldown for selecting the activites in description. All the activites i

  • Bug in theme effects-Nokia 5230

    Dear friends, I'm using Nokia 5230 for an year. I noticed a bug with theme effects after update to v21.x.x and this bug is not recovered by Nokia upto v40.x.x. The bug is when you press Options then You will see an option call "Show open apps. *" the