May 28

Recently I was setting up a client's iPhone to access our mail servers using IMAP over SSL. The problem was that we kept getting an error saying that the username or password was incorrect. The username and password entered in the iPhone setup were correct. Using the identical setup to access the same email account from my iPhone worked fine.

Fortunately we had set up the phone so that all its data was either being accessed or synced from the cloud, so resetting the phone was no drama. Unfortunately resetting his phone didn’t make any difference; we still could not connect.

After increasing the logging on the mail server, it was discovered that the issue was that the iPhone did not have the required SSL certificate installed to make the connection. I think the reason my iPhone worked is that I sync mine with a Mac, whereas the phone that could not connect was syncing with a Windows box. I am assuming that syncing with the Mac copied the certificate to my iPhone for me, but have not confirmed this.

To install the certificate we took the following steps.

  1. Create a DER format certificate

    The iPhone does not understand PEM (Privacy-Enhanced Mail) formatted certificates and instead expects the certificate to be in DER (Distinguished Encoding Rules) format, so we need to create a DER version of the mail certificate on the server using openssl.

    openssl x509 -in /etc/ssl/certs/ssl-mail.pem -inform PEM -out mail.der -outform DER

  2. Copy the DER certificate so it is accessible from your web server

  3. Open the certificate on your iPhone

    Using Safari on the iPhone, open the certificate that you just created. You will be asked whether you want to install the certificate. Press the “Install” button to install the certificate on your iPhone.

  4. Reboot your iPhone

    After restarting the iPhone the certificate should be available and you will be able to connect to the mail server using SSL without any problems.
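As an added example (not part of the original post), the script below runs the conversion from step 1 on a throwaway self-signed certificate and checks, before the file is placed on the web server, that mail.der has the same SHA-256 fingerprint as the PEM source and contains no PEM-armored key material. The function names, the mail.example.test subject and the temporary paths are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: convert a PEM certificate to DER and confirm that the DER file
# holds the same certificate and no private key before it is published.
# The throwaway certificate below is constructed for the demo; on a real server
# the input would be the mail certificate, e.g. /etc/ssl/certs/ssl-mail.pem.

# SHA-256 fingerprint of a certificate; $1 = file, $2 = PEM or DER
cert_fingerprint() {
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 | cut -d= -f2
}

# Convert $1 (PEM) to $2 (DER). Only the certificate is written, even if the
# PEM file also contains the private key.
pem_to_der() {
    openssl x509 -in "$1" -inform PEM -out "$2" -outform DER
}

# Succeeds only if the DER output matches the PEM input and carries no key.
verify_der() {
    pem=$1 der=$2
    [ "$(cert_fingerprint "$pem" PEM)" = "$(cert_fingerprint "$der" DER)" ] || return 1
    # A DER certificate is binary; PEM armor in it means the wrong file was copied.
    if grep -q -e '-----BEGIN' "$der"; then return 1; fi
    return 0
}

# Build a constructed self-signed certificate with key and cert in one PEM file.
make_demo_pem() {
    dir=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=mail.example.test" \
        -keyout "$dir/key.pem" -out "$dir/cert.pem" 2>/dev/null
    cat "$dir/key.pem" "$dir/cert.pem" > "$dir/ssl-mail.pem"
}

demo() {
    work=$(mktemp -d)
    make_demo_pem "$work" &&
    pem_to_der "$work/ssl-mail.pem" "$work/mail.der" &&
    verify_der "$work/ssl-mail.pem" "$work/mail.der" &&
    echo "mail.der OK, SHA-256 $(cert_fingerprint "$work/mail.der" DER)"
    status=$?
    rm -rf "$work"
    return $status
}

demo
```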

written by Obiweb

Jan 22

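To listen for SSL connections you need to create a ServerSocket using the SSLServerSocketFactory class, as shown in the following example.

    import java.net.ServerSocket;
    import java.net.Socket;
    import javax.net.ServerSocketFactory;
    import javax.net.ssl.SSLServerSocketFactory;

    // Create the listening server socket
    ServerSocketFactory serverSocketFactory = SSLServerSocketFactory.getDefault();
    int port = 443;
    ServerSocket ssocket = serverSocketFactory.createServerSocket(port);

    // Listen for SSL connections
    Socket socket = ssocket.accept();

    // Treat the connection as you would any socket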

In addition you will also need to add the certificate (that is sent to the connecting client) to the keystore used by the application.

written by objects

Oct 15

You need to add the public key of the server you are connecting to to the keystore being used by your application.

You can use the application InstallCert found in the question “How do I programatically extract a certificate from a site and add it to my keystore?” to extract the public key from the server and store it in your keystore.

written by objects