Web access on iOS

Any chance there is going to be a fix for the issue with SSL and Safari when using the CommitCRM web interface on an iPhone/ipad?

We have not yet deeply reviewed this so we do not expect any changes in our coming release. You should probably use another Web browser for iPhone/ipad in case you want to use SSL and it fails with Safari. We will review it for the following release and hopefully it is someone in our control and not something with Safari or the certificate. Thanks for following up on this.

Guys this is a big issue I have attempted to switch to using SSL today however have found that my techs can not access it in the field from their IPads.it doesn't work regardless of what browser you use. I need to find a resolution for this AsAP as replacing 56 iPads with android devices is not an option ( i haven't tested android it may have the same issue). Even on desktops after configuring ssl it would only work in Internet explorer

Thanks for posting this. We've heard something similar with iPhone and iOS 6. Another guy in this forum referred to https://discussions.apple.com/thread...art=0&tstart=0 and it does seem to discuss related issues and their resolutions.
Also, did you try with Chrome? Someone else posted that

Quote:

Chrome on iOS 6 does load the page, but after you login, you have to "cancel navigation" and then reload again, and then the actual page will load. If you don't do this, then it just sits there forever trying to load the page.

so please give it a try too.

Besides, we will be looking at it again to verify whether there is anything in our control over it.

I think the quote about Chrome came from me... At any rate, yes, it does load, but you have to be VERY patient. It takes multiple stopping the page and refreshing it when it is trying to load (after user credentials are entered).

I would love to get it fixed, but just haven't had time to troubleshoot. I am glad that isn't just me though!

I'm sure that this has to be something that is some anomaly in the CommitCRM Web interface/server - no other pages that I've ever used w/ SSL have any problems. I don't know what it is, but I would be happy to get you any info you need to troubleshoot.

I got my SSL cert from godaddy - I was thinking about getting a new one from somewhere else to see if that resolves the problem.

@ BDTechrob, who is your cert from - if you don't mind me asking?

Just checked the CommitWebInterface.log file. Here is what a connection from an iOS device looks like:

06/13/2013 09:35 AM SSL status: "before/accept initialization"
06/13/2013 09:35 AM SSL status: "before/accept initialization"
06/13/2013 09:35 AM SSL status: "SSLv3 read client hello A"
06/13/2013 09:35 AM SSL status: "SSLv3 write server hello A"
06/13/2013 09:35 AM SSL status: "SSLv3 write certificate A"
06/13/2013 09:35 AM SSL status: "SSLv3 write server done A"
06/13/2013 09:35 AM SSL status: "SSLv3 flush data"
06/13/2013 09:35 AM SSL status: "SSLv3 read client key exchange A"
06/13/2013 09:35 AM SSL status: "SSLv3 read certificate verify A"
06/13/2013 09:35 AM SSL status: "SSLv3 read certificate verify A"
06/13/2013 09:35 AM SSL status: "before/accept initialization"
06/13/2013 09:35 AM SSL status: "before/accept initialization"
06/13/2013 09:35 AM SSL status: "SSLv3 read client hello A"
06/13/2013 09:35 AM SSL status: "SSLv3 write server hello A"
06/13/2013 09:35 AM SSL status: "SSLv3 write certificate A"
06/13/2013 09:35 AM SSL status: "SSLv3 write server done A"
06/13/2013 09:35 AM SSL status: "SSLv3 flush data"
06/13/2013 09:35 AM SSL status: "SSLv3 read client key exchange A"
06/13/2013 09:35 AM SSL status: "SSLv3 read certificate verify A"
06/13/2013 09:35 AM SSL status: "SSLv3 read certificate verify A"
06/13/2013 09:35 AM SSL status: "before/accept initialization"
06/13/2013 09:35 AM SSL status: "before/accept initialization"
06/13/2013 09:35 AM SSL status: "SSLv3 read client hello A"
06/13/2013 09:35 AM SSL status: "SSLv3 write server hello A"
06/13/2013 09:35 AM SSL status: "SSLv3 write certificate A"
06/13/2013 09:35 AM SSL status: "SSLv3 write server done A"
06/13/2013 09:35 AM SSL status: "SSLv3 flush data"
06/13/2013 09:35 AM SSL status: "SSLv3 read client key exchange A"
06/13/2013 09:35 AM SSL status: "SSLv3 read certificate verify A"
06/13/2013 09:35 AM SSL status: "SSLv3 read certificate verify A"

I don't have any idea what a "good" connection looks like so I don't know if the above is normal or abnormal.

Just for the record, here is what a successful load of the login page looks like in the logs:
06/13/2013 09:42 AM SSL status: "before/accept initialization"
06/13/2013 09:42 AM SSL status: "before/accept initialization"
06/13/2013 09:42 AM SSL status: "SSLv3 read client hello A"
06/13/2013 09:42 AM SSL status: "SSLv3 write server hello A"
06/13/2013 09:42 AM SSL status: "SSLv3 write change cipher spec A"
06/13/2013 09:42 AM SSL status: "SSLv3 write finished A"
06/13/2013 09:42 AM SSL status: "SSLv3 flush data"
06/13/2013 09:42 AM SSL status: "SSLv3 read finished A"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM Cipher: name = CAMELLIA256-SHA; description = CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
; bits = 256; version = TLSv1/SSLv3;
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM SSL status: "before/accept initialization"
06/13/2013 09:42 AM SSL status: "before/accept initialization"
06/13/2013 09:42 AM SSL status: "SSLv3 read client hello A"
06/13/2013 09:42 AM SSL status: "SSLv3 write server hello A"
06/13/2013 09:42 AM SSL status: "SSLv3 write change cipher spec A"
06/13/2013 09:42 AM SSL status: "SSLv3 write finished A"
06/13/2013 09:42 AM SSL status: "SSLv3 flush data"
06/13/2013 09:42 AM SSL status: "SSLv3 read finished A"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM Cipher: name = CAMELLIA256-SHA; description = CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
; bits = 256; version = TLSv1/SSLv3;
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM SSL status: "before/accept initialization"
06/13/2013 09:42 AM SSL status: "before/accept initialization"
06/13/2013 09:42 AM SSL status: "SSLv3 read client hello A"
06/13/2013 09:42 AM SSL status: "SSLv3 write server hello A"
06/13/2013 09:42 AM SSL status: "SSLv3 write change cipher spec A"
06/13/2013 09:42 AM SSL status: "SSLv3 write finished A"
06/13/2013 09:42 AM SSL status: "SSLv3 flush data"
06/13/2013 09:42 AM SSL status: "SSLv3 read finished A"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM Cipher: name = CAMELLIA256-SHA; description = CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
; bits = 256; version = TLSv1/SSLv3;
06/13/2013 09:42 AM SSL status: "before/accept initialization"
06/13/2013 09:42 AM SSL status: "before/accept initialization"
06/13/2013 09:42 AM SSL status: "before/accept initialization"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM SSL status: "SSLv3 read client hello A"
06/13/2013 09:42 AM SSL status: "SSLv3 write server hello A"
06/13/2013 09:42 AM SSL status: "SSLv3 write change cipher spec A"
06/13/2013 09:42 AM SSL status: "before/accept initialization"
06/13/2013 09:42 AM SSL status: "SSLv3 write finished A"
06/13/2013 09:42 AM SSL status: "SSLv3 flush data"
06/13/2013 09:42 AM SSL status: "SSLv3 read finished A"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM Cipher: name = CAMELLIA256-SHA; description = CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
; bits = 256; version = TLSv1/SSLv3;
06/13/2013 09:42 AM SSL status: "SSLv3 read client hello A"
06/13/2013 09:42 AM SSL status: "SSLv3 write server hello A"
06/13/2013 09:42 AM SSL status: "SSLv3 write change cipher spec A"
06/13/2013 09:42 AM SSL status: "SSLv3 write finished A"
06/13/2013 09:42 AM SSL status: "SSLv3 flush data"
06/13/2013 09:42 AM SSL status: "SSLv3 read finished A"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM Cipher: name = CAMELLIA256-SHA; description = CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1
; bits = 256; version = TLSv1/SSLv3;
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"
06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully"

Thanks. We will look into it though it does not seem like it stopped on our side. In any case we do understand how annoying this is and will look into it. Hopefully it is something that we can control from our end.

My guess is that it is the cipher type or the encryption bit level. Do you know if there is a way to change those things in your webserver - I would probably have to rekey the cert too, not sure how all those pieces fit together. What webserver is running Commit's web interface? Is it something proprietary or something that would have some public documentation on its SSL features?

@lpopejoy, I use a godaddy cert also. My tech that I tasked with getting this going mentioned something about possibly goddady being an intermediate cert authority and not fully trusted in iOS. We were not able to get the page to load in any browser on iOS nor could we get it to load on desktops other than using IE.
I did find a link on the issue with a bit of googleing and plan to try this fix tomorrow to see if it works
http://blogs.citrix.com/2010/01/20/h...ri-and-iphone/

However in normal circumstances with the above method my technicians tell me normally they would add the intermediate cert it self to the web server in IIS or exchange

Since my certificate was overdue for renewal, I renewed it. Changed from md5 to sha1 just for fun - key length 2048. Same problem - but still Godaddy cert.

I agree with BDTECHRob - I think the issue is the intermediate cert.

@commitsupport, could you give us some advice as to how to make your webserver work with intermediate certifcates?

We're not sure what is causing this but it does seem to be related to using Godaddy intermediate certificates indeed, maybe if you will install the related/chain certificates it will work, please give it a try as per BDTECHRob linked post.

I did install the cert manually on my phone per the link above - that didn't help, sorry! Intermediate certs should be on the web server, not the clients - is there some way to get the intermediate certs in your web service?

It seems like the problem is not happening on the server side but rather on the client side as from what we understand it does work well with other devices such as your PC (same server, same certificate).
In any case there aren't any additional control options at the server side.

Guys it is an issue with the Web server and it only works on the pc using Internet Explorer. if you google the issue you will see there is a method to import the intermediate certificate into just about every Web server ever made. IIS Apache tomcat they all support this so your Web server should also. If this is to hard you shouldn't claim the system supports SSL as I have not only waisted money buying a certificate I have also spent over $1000 of billable time trying to make it work. Moving forward I would like to say that it will be absolutely necessary for me to use SSL to protect the sensitive data in my system.

any update on this issue guys? or at least acknowledgement of the issue.

Has anyone had it working on IOS devices with other SSL certificates? (other than Godaddy)

We're still reviewing this. Thanks for asking.

Thanks for reviewing it :-)

Is Anyone using SSL for the Web interface at all? Does it work on iPhone/ipad for you? Please let us know

Bumping this up to the top so you know it is still a massive issue for me

Yes, we understand. Unfortunately we do not have any updates on this at this time. As far as we know in some cases it works with Chrome, but from what you described this is not always the case. We will post back once we have anything. Thank you.

Any updates on this? Has anyone got it working?

Not too much. It does seem to be related to using intermediate certificates and the fact that they need to be chained to the root certificates.

Is there any SSL cert vendor that doesn't need intermediate certs? Anyone know?

I'm thinking that there must be no one else using the web interface with SSL.

Just tested against another installation of CommitCRM using a different CA, with the same results. (Thanks @ascendnet!)

Great news guys CommitCRM support have been able to solve this issue for us. I would like to express just how happy I am with CommitCRM support, I am truly glad that I made the decision to use CommitCRM for our business as there would not be another company in the world that strive so hard to support their user's. Well done guys for providing truly first class support system

+1 :) Great job. ThanksCommitCRM.

You are welcome! Thank you guys for your kind words :-)

So just out of curiosity, what was the issue?

Sure, it was something related to low level implementation of the protocol with how to use the certificates on this platform. We were very happy to discover that it solves this issue.

Will there be documentation posted so we can update our cert installation process or is this something that will be changed in a future release?

This will be included in the official release of version 6.2. Once a new Beta is released it will also be included there. In other words - you won't need to worry about this and the upgrade program will take care of it.

How do i get this to work. I have just this past hour purchased a SSL from Go Daddy, Installed it and got it working THEN noticed it wont work on IPADS ??? :-( Then Read this

CommitCRM will have to give you the patched DLL's.

Cheers I have emailed them

We just replied to your email about this, let us know how it goes.

works, thanks