Any chance there is going to be a fix for the issue with SSL and Safari when using the CommitCRM web interface on an iPhone/ipad?
Announcement
Collapse
No announcement yet.
Web access on iOS
Collapse
X
-
lpopejoy
- 942
Web access on iOS
-
Support Team
- 7558
Re: Web access on iOS
We have not yet deeply reviewed this so we do not expect any changes in our coming release. You should probably use another Web browser for iPhone/ipad in case you want to use SSL and it fails with Safari. We will review it for the following release and hopefully it is someone in our control and not something with Safari or the certificate. Thanks for following up on this.
-
BDTECHRob
- 124
Re: Web access on iOS
Guys this is a big issue I have attempted to switch to using SSL today however have found that my techs can not access it in the field from their IPads.it doesn't work regardless of what browser you use. I need to find a resolution for this AsAP as replacing 56 iPads with android devices is not an option ( i haven't tested android it may have the same issue). Even on desktops after configuring ssl it would only work in Internet explorer
Comment
-
Support Team
- 7558
Re: Web access on iOS
Thanks for posting this. We've heard something similar with iPhone and iOS 6. Another guy in this forum referred to https://discussions.apple.com/thread...art=0&tstart=0 and it does seem to discuss related issues and their resolutions.
Also, did you try with Chrome? Someone else posted thatChrome on iOS 6 does load the page, but after you login, you have to "cancel navigation" and then reload again, and then the actual page will load. If you don't do this, then it just sits there forever trying to load the page.
Besides, we will be looking at it again to verify whether there is anything in our control over it.
Comment
-
lpopejoy
- 942
Re: Web access on iOS
I think the quote about Chrome came from me... At any rate, yes, it does load, but you have to be VERY patient. It takes multiple stopping the page and refreshing it when it is trying to load (after user credentials are entered).
I would love to get it fixed, but just haven't had time to troubleshoot. I am glad that isn't just me though!
I'm sure that this has to be something that is some anomaly in the CommitCRM Web interface/server - no other pages that I've ever used w/ SSL have any problems. I don't know what it is, but I would be happy to get you any info you need to troubleshoot.
I got my SSL cert from godaddy - I was thinking about getting a new one from somewhere else to see if that resolves the problem.
@ BDTechrob, who is your cert from - if you don't mind me asking?
Comment
-
lpopejoy
- 942
Re: Web access on iOS
Just checked the CommitWebInterface.log file. Here is what a connection from an iOS device looks like:
06/13/2013 09:35 AM SSL status: "before/accept initialization"
06/13/2013 09:35 AM SSL status: "before/accept initialization"
06/13/2013 09:35 AM SSL status: "SSLv3 read client hello A"
06/13/2013 09:35 AM SSL status: "SSLv3 write server hello A"
06/13/2013 09:35 AM SSL status: "SSLv3 write certificate A"
06/13/2013 09:35 AM SSL status: "SSLv3 write server done A"
06/13/2013 09:35 AM SSL status: "SSLv3 flush data"
06/13/2013 09:35 AM SSL status: "SSLv3 read client key exchange A"
06/13/2013 09:35 AM SSL status: "SSLv3 read certificate verify A"
06/13/2013 09:35 AM SSL status: "SSLv3 read certificate verify A"
06/13/2013 09:35 AM SSL status: "before/accept initialization"
06/13/2013 09:35 AM SSL status: "before/accept initialization"
06/13/2013 09:35 AM SSL status: "SSLv3 read client hello A"
06/13/2013 09:35 AM SSL status: "SSLv3 write server hello A"
06/13/2013 09:35 AM SSL status: "SSLv3 write certificate A"
06/13/2013 09:35 AM SSL status: "SSLv3 write server done A"
06/13/2013 09:35 AM SSL status: "SSLv3 flush data"
06/13/2013 09:35 AM SSL status: "SSLv3 read client key exchange A"
06/13/2013 09:35 AM SSL status: "SSLv3 read certificate verify A"
06/13/2013 09:35 AM SSL status: "SSLv3 read certificate verify A"
06/13/2013 09:35 AM SSL status: "before/accept initialization"
06/13/2013 09:35 AM SSL status: "before/accept initialization"
06/13/2013 09:35 AM SSL status: "SSLv3 read client hello A"
06/13/2013 09:35 AM SSL status: "SSLv3 write server hello A"
06/13/2013 09:35 AM SSL status: "SSLv3 write certificate A"
06/13/2013 09:35 AM SSL status: "SSLv3 write server done A"
06/13/2013 09:35 AM SSL status: "SSLv3 flush data"
06/13/2013 09:35 AM SSL status: "SSLv3 read client key exchange A"
06/13/2013 09:35 AM SSL status: "SSLv3 read certificate verify A"
06/13/2013 09:35 AM SSL status: "SSLv3 read certificate verify A"
I don't have any idea what a "good" connection looks like so I don't know if the above is normal or abnormal.
Comment
-
lpopejoy
- 942
Re: Web access on iOS
Just for the record, here is what a successful load of the login page looks like in the logs:
06/13/2013 09:42 AM SSL status: "before/accept initialization"
06/13/2013 09:42 AM SSL status: "before/accept initialization"
06/13/2013 09:42 AM SSL status: "SSLv3 read client hello A"
06/13/2013 09:42 AM SSL status: "SSLv3 write server hello A"
06/13/2013 09:42 AM SSL status: "SSLv3 write change cipher spec A"
06/13/2013 09:42 AM SSL status: "SSLv3 write finished A"
06/13/2013 09:42 AM SSL status: "SSLv3 flush data"
06/13/2013 09:42 AM SSL status: "SSLv3 read finished A"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM Cipher: name = CAMELLIA256-SHA; description = CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
; bits = 256; version = TLSv1/SSLv3;
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM SSL status: "before/accept initialization"
06/13/2013 09:42 AM SSL status: "before/accept initialization"
06/13/2013 09:42 AM SSL status: "SSLv3 read client hello A"
06/13/2013 09:42 AM SSL status: "SSLv3 write server hello A"
06/13/2013 09:42 AM SSL status: "SSLv3 write change cipher spec A"
06/13/2013 09:42 AM SSL status: "SSLv3 write finished A"
06/13/2013 09:42 AM SSL status: "SSLv3 flush data"
06/13/2013 09:42 AM SSL status: "SSLv3 read finished A"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM Cipher: name = CAMELLIA256-SHA; description = CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
; bits = 256; version = TLSv1/SSLv3;
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM SSL status: "before/accept initialization"
06/13/2013 09:42 AM SSL status: "before/accept initialization"
06/13/2013 09:42 AM SSL status: "SSLv3 read client hello A"
06/13/2013 09:42 AM SSL status: "SSLv3 write server hello A"
06/13/2013 09:42 AM SSL status: "SSLv3 write change cipher spec A"
06/13/2013 09:42 AM SSL status: "SSLv3 write finished A"
06/13/2013 09:42 AM SSL status: "SSLv3 flush data"
06/13/2013 09:42 AM SSL status: "SSLv3 read finished A"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM Cipher: name = CAMELLIA256-SHA; description = CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
; bits = 256; version = TLSv1/SSLv3;
06/13/2013 09:42 AM SSL status: "before/accept initialization"
06/13/2013 09:42 AM SSL status: "before/accept initialization"
06/13/2013 09:42 AM SSL status: "before/accept initialization"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM SSL status: "SSLv3 read client hello A"
06/13/2013 09:42 AM SSL status: "SSLv3 write server hello A"
06/13/2013 09:42 AM SSL status: "SSLv3 write change cipher spec A"
06/13/2013 09:42 AM SSL status: "before/accept initialization"
06/13/2013 09:42 AM SSL status: "SSLv3 write finished A"
06/13/2013 09:42 AM SSL status: "SSLv3 flush data"
06/13/2013 09:42 AM SSL status: "SSLv3 read finished A"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM Cipher: name = CAMELLIA256-SHA; description = CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
; bits = 256; version = TLSv1/SSLv3;
06/13/2013 09:42 AM SSL status: "SSLv3 read client hello A"
06/13/2013 09:42 AM SSL status: "SSLv3 write server hello A"
06/13/2013 09:42 AM SSL status: "SSLv3 write change cipher spec A"
06/13/2013 09:42 AM SSL status: "SSLv3 write finished A"
06/13/2013 09:42 AM SSL status: "SSLv3 flush data"
06/13/2013 09:42 AM SSL status: "SSLv3 read finished A"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM Cipher: name = CAMELLIA256-SHA; description = CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
; bits = 256; version = TLSv1/SSLv3;
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
Comment
-
Support Team
- 7558
Re: Web access on iOS
Thanks. We will look into it though it does not seem like it stopped on our side. In any case we do understand how annoying this is and will look into it. Hopefully it is something that we can control from our end.
Comment
-
lpopejoy
- 942
Re: Web access on iOS
My guess is that it is the cipher type or the encryption bit level. Do you know if there is a way to change those things in your webserver - I would probably have to rekey the cert too, not sure how all those pieces fit together. What webserver is running Commit's web interface? Is it something proprietary or something that would have some public documentation on its SSL features?
Comment
-
BDTECHRob
- 124
Re: Web access on iOS
@lpopejoy, I use a godaddy cert also. My tech that I tasked with getting this going mentioned something about possibly goddady being an intermediate cert authority and not fully trusted in iOS. We were not able to get the page to load in any browser on iOS nor could we get it to load on desktops other than using IE.
I did find a link on the issue with a bit of googleing and plan to try this fix tomorrow to see if it works
http://blogs.citrix.com/2010/01/20/h...ri-and-iphone/
However in normal circumstances with the above method my technicians tell me normally they would add the intermediate cert it self to the web server in IIS or exchange
Comment
-
lpopejoy
- 942
Re: Web access on iOS
Since my certificate was overdue for renewal, I renewed it. Changed from md5 to sha1 just for fun - key length 2048. Same problem - but still Godaddy cert.
I agree with BDTECHRob - I think the issue is the intermediate cert.
@commitsupport, could you give us some advice as to how to make your webserver work with intermediate certifcates?
Comment
-
Support Team
- 7558
Re: Web access on iOS
We're not sure what is causing this but it does seem to be related to using Godaddy intermediate certificates indeed, maybe if you will install the related/chain certificates it will work, please give it a try as per BDTECHRob linked post.
Comment
-
lpopejoy
- 942
Re: Web access on iOS
I did install the cert manually on my phone per the link above - that didn't help, sorry! Intermediate certs should be on the web server, not the clients - is there some way to get the intermediate certs in your web service?
Comment
-
Support Team
- 7558
Re: Web access on iOS
It seems like the problem is not happening on the server side but rather on the client side as from what we understand it does work well with other devices such as your PC (same server, same certificate).
In any case there aren't any additional control options at the server side.
Comment
-
BDTECHRob
- 124
Re: Web access on iOS
Guys it is an issue with the Web server and it only works on the pc using Internet Explorer. if you google the issue you will see there is a method to import the intermediate certificate into just about every Web server ever made. IIS Apache tomcat they all support this so your Web server should also. If this is to hard you shouldn't claim the system supports SSL as I have not only waisted money buying a certificate I have also spent over $1000 of billable time trying to make it work. Moving forward I would like to say that it will be absolutely necessary for me to use SSL to protect the sensitive data in my system.
Comment
Comment