iphone SSL client cert for mail

[Guest]

Welcome, Guest. Please login or register.

1 Hour 1 Day 1 Week 1 Month Forever

Login with username, password and session length

22/06/2023, 10:15 AM Syklone - ..... hi

18/02/2023, 07:10 PM Damit - https://discord.gg/fYqDFYx

18/02/2023, 07:09 PM Damit - join us on Discord https://discord.com/inv... ite/fYqDFYx

29/11/2022, 12:19 PM BoHiCa - YESSSSSS

26/10/2022, 04:27 PM Victor9-5 - yooooooooooooo!

21/05/2021, 06:19 AM DonutKing - First post

28/08/2020, 08:39 AM Damit - its because we are all on discord now mrx

29/07/2020, 07:42 PM MrX - Its a bit dead round here

29/07/2020, 07:42 PM MrX - Anybody playing COD 

26/03/2020, 10:52 AM Epsoma - Hey Team. Locked down in self isolation. Hope you all are good.

View All

[DonutKing]

Hey apple gurus,

Any way to get iphone to support client certificate authentication for mail?

i.e. instead of entering user/pass it just takes a certificate from the mail client...

I've been trying to setup IMAP over SSL for remote mail access but it appears the standard mail app won't do client cert auth.
I've got it working with SSL without checking client certificates but I want to lock it down so only devices with our certificate installed can access our mail server.
Apparently if you have Exchange you can do this but you have to use the ActiveSync HTTPS frontend instead of IMAPS... and we don't have exchange anyway.
This is for corporate users so jailbreaking is a no-no

It appears Outlook Express and Windows Mail don't support this either, (at least, I couldn't get it to work) but Mozilla Thunderbird does.

Cheers

[DonutKing]

Where is my free tech support. Where is it.

since the 'IT gurus' don't seem to know anything about this I'll pass this on to someone who does.

Help me Chalice you're my only hope

[BoHiCa]

Oh fuck.... cant have that have you been here

http://www.apple.com/support/iphone/enterprise/
http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf

Sorry but thats all could find, in such a hurry.... but I have only used exchange and the phones.

[Chalice]

Well Donut...i'm glad you asked!

Ignore Bohica and his "exchanging Phones" philosophy...utter rubbush and clearly no help at all.

The problem as I see it, is that the mail client is giving away certificates at a whim, instead of making things earn them and as such everything is able to have a piece of the proverbial pie.  What are the certificates its handing out?  Are they like these -







?

So in conclusion I think the best thing to do is to sit down over a cuppa and let the mail client know that its admirable that it is being so generous with its recognition BUT it is becoming a problem and they need to earn these certificates in future.

Another possiblility is that the mail client is taking bribes!  By not asking them for their id (user/pass) and letting them into the "club" for free...Indeed, giving them a certificate of attendance as well...seems a bit suss, maybe install a camera and catch the bugger out?

 Express and windows mail are upstanding gentleman and wouldn't support this sort of behaviour as you so rightly stated..mozilla on the other hand is a lying, cheating fuck who'll do anything for a quick buck or two, dont turn your back on that cunt for a second...you've been warned.



Hope that helps,

Chalice
IT Guru

[DonutKing]

Oh fuck.... cant have that have you been here

http://www.apple.com/support/iphone/enterprise/
http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf

Sorry but thats all could find, in such a hurry.... but I have only used exchange and the phones.

Yeah looked through all that. I've kind of come to the conclusion that this can't be done without ActiveSync or Outlook Web Access. Since I'm using Dovecot & Postfix its not much good. Seems the Mail app just doesn't support client cert auth. I've got SSL encryption working no problems with a self signed cert, there's just no way to require a certificate installed on the client device for authentication.


But all that's moot because I'm pretty sure chalice sorted it out.
I've asked the client to stop handing out certificates willy-nilly. We've managed to compromise and its agreed that it will only hand out gold star stickers from now on.

Of course the problem here is that anyone with a gold star can use our mail system, but we're just taking baby steps, one thing at a time.

[Chalice]

Glad to see it has been resolved in such a friendly way bud.

Once the stickers are done, move onto stamps and hopefully it will have gotten the idea by then..well done and good job with the sticker idea