|
|||
|
|||
We have not yet deeply reviewed this so we do not expect any changes in our coming release. You should probably use another Web browser for iPhone/ipad in case you want to use SSL and it fails with Safari. We will review it for the following release and hopefully it is someone in our control and not something with Safari or the certificate. Thanks for following up on this.
|
|
|||
|
|||
Guys this is a big issue I have attempted to switch to using SSL today however have found that my techs can not access it in the field from their IPads.it doesn't work regardless of what browser you use. I need to find a resolution for this AsAP as replacing 56 iPads with android devices is not an option ( i haven't tested android it may have the same issue). Even on desktops after configuring ssl it would only work in Internet explorer
|
|
|||
|
|||
Thanks for posting this. We've heard something similar with iPhone and iOS 6. Another guy in this forum referred to https://discussions.apple.com/thread...art=0&tstart=0 and it does seem to discuss related issues and their resolutions.
Also, did you try with Chrome? Someone else posted that Quote:
Besides, we will be looking at it again to verify whether there is anything in our control over it. |
|
|||
|
|||
I think the quote about Chrome came from me... At any rate, yes, it does load, but you have to be VERY patient. It takes multiple stopping the page and refreshing it when it is trying to load (after user credentials are entered).
I would love to get it fixed, but just haven't had time to troubleshoot. I am glad that isn't just me though! I'm sure that this has to be something that is some anomaly in the CommitCRM Web interface/server - no other pages that I've ever used w/ SSL have any problems. I don't know what it is, but I would be happy to get you any info you need to troubleshoot. I got my SSL cert from godaddy - I was thinking about getting a new one from somewhere else to see if that resolves the problem. @ BDTechrob, who is your cert from - if you don't mind me asking? |
|
|||
|
|||
Just checked the CommitWebInterface.log file. Here is what a connection from an iOS device looks like:
06/13/2013 09:35 AM SSL status: "before/accept initialization" 06/13/2013 09:35 AM SSL status: "before/accept initialization" 06/13/2013 09:35 AM SSL status: "SSLv3 read client hello A" 06/13/2013 09:35 AM SSL status: "SSLv3 write server hello A" 06/13/2013 09:35 AM SSL status: "SSLv3 write certificate A" 06/13/2013 09:35 AM SSL status: "SSLv3 write server done A" 06/13/2013 09:35 AM SSL status: "SSLv3 flush data" 06/13/2013 09:35 AM SSL status: "SSLv3 read client key exchange A" 06/13/2013 09:35 AM SSL status: "SSLv3 read certificate verify A" 06/13/2013 09:35 AM SSL status: "SSLv3 read certificate verify A" 06/13/2013 09:35 AM SSL status: "before/accept initialization" 06/13/2013 09:35 AM SSL status: "before/accept initialization" 06/13/2013 09:35 AM SSL status: "SSLv3 read client hello A" 06/13/2013 09:35 AM SSL status: "SSLv3 write server hello A" 06/13/2013 09:35 AM SSL status: "SSLv3 write certificate A" 06/13/2013 09:35 AM SSL status: "SSLv3 write server done A" 06/13/2013 09:35 AM SSL status: "SSLv3 flush data" 06/13/2013 09:35 AM SSL status: "SSLv3 read client key exchange A" 06/13/2013 09:35 AM SSL status: "SSLv3 read certificate verify A" 06/13/2013 09:35 AM SSL status: "SSLv3 read certificate verify A" 06/13/2013 09:35 AM SSL status: "before/accept initialization" 06/13/2013 09:35 AM SSL status: "before/accept initialization" 06/13/2013 09:35 AM SSL status: "SSLv3 read client hello A" 06/13/2013 09:35 AM SSL status: "SSLv3 write server hello A" 06/13/2013 09:35 AM SSL status: "SSLv3 write certificate A" 06/13/2013 09:35 AM SSL status: "SSLv3 write server done A" 06/13/2013 09:35 AM SSL status: "SSLv3 flush data" 06/13/2013 09:35 AM SSL status: "SSLv3 read client key exchange A" 06/13/2013 09:35 AM SSL status: "SSLv3 read certificate verify A" 06/13/2013 09:35 AM SSL status: "SSLv3 read certificate verify A" I don't have any idea what a "good" connection looks like so I don't know if the above is normal or abnormal. |
|
|||
|
|||
Just for the record, here is what a successful load of the login page looks like in the logs:
06/13/2013 09:42 AM SSL status: "before/accept initialization" 06/13/2013 09:42 AM SSL status: "before/accept initialization" 06/13/2013 09:42 AM SSL status: "SSLv3 read client hello A" 06/13/2013 09:42 AM SSL status: "SSLv3 write server hello A" 06/13/2013 09:42 AM SSL status: "SSLv3 write change cipher spec A" 06/13/2013 09:42 AM SSL status: "SSLv3 write finished A" 06/13/2013 09:42 AM SSL status: "SSLv3 flush data" 06/13/2013 09:42 AM SSL status: "SSLv3 read finished A" 06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully" 06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully" 06/13/2013 09:42 AM Cipher: name = CAMELLIA256-SHA; description = CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 ; bits = 256; version = TLSv1/SSLv3; 06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully" 06/13/2013 09:42 AM SSL status: "before/accept initialization" 06/13/2013 09:42 AM SSL status: "before/accept initialization" 06/13/2013 09:42 AM SSL status: "SSLv3 read client hello A" 06/13/2013 09:42 AM SSL status: "SSLv3 write server hello A" 06/13/2013 09:42 AM SSL status: "SSLv3 write change cipher spec A" 06/13/2013 09:42 AM SSL status: "SSLv3 write finished A" 06/13/2013 09:42 AM SSL status: "SSLv3 flush data" 06/13/2013 09:42 AM SSL status: "SSLv3 read finished A" 06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully" 06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully" 06/13/2013 09:42 AM Cipher: name = CAMELLIA256-SHA; description = CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 ; bits = 256; version = TLSv1/SSLv3; 06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully" 06/13/2013 09:42 AM SSL status: "before/accept initialization" 06/13/2013 09:42 AM SSL status: "before/accept initialization" 06/13/2013 09:42 AM SSL status: "SSLv3 read client hello A" 06/13/2013 09:42 AM SSL status: "SSLv3 write server hello A" 06/13/2013 09:42 AM SSL status: "SSLv3 write change cipher spec A" 06/13/2013 09:42 AM SSL status: "SSLv3 write finished A" 06/13/2013 09:42 AM SSL status: "SSLv3 flush data" 06/13/2013 09:42 AM SSL status: "SSLv3 read finished A" 06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully" 06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully" 06/13/2013 09:42 AM Cipher: name = CAMELLIA256-SHA; description = CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 ; bits = 256; version = TLSv1/SSLv3; 06/13/2013 09:42 AM SSL status: "before/accept initialization" 06/13/2013 09:42 AM SSL status: "before/accept initialization" 06/13/2013 09:42 AM SSL status: "before/accept initialization" 06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully" 06/13/2013 09:42 AM SSL status: "SSLv3 read client hello A" 06/13/2013 09:42 AM SSL status: "SSLv3 write server hello A" 06/13/2013 09:42 AM SSL status: "SSLv3 write change cipher spec A" 06/13/2013 09:42 AM SSL status: "before/accept initialization" 06/13/2013 09:42 AM SSL status: "SSLv3 write finished A" 06/13/2013 09:42 AM SSL status: "SSLv3 flush data" 06/13/2013 09:42 AM SSL status: "SSLv3 read finished A" 06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully" 06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully" 06/13/2013 09:42 AM Cipher: name = CAMELLIA256-SHA; description = CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 ; bits = 256; version = TLSv1/SSLv3; 06/13/2013 09:42 AM SSL status: "SSLv3 read client hello A" 06/13/2013 09:42 AM SSL status: "SSLv3 write server hello A" 06/13/2013 09:42 AM SSL status: "SSLv3 write change cipher spec A" 06/13/2013 09:42 AM SSL status: "SSLv3 write finished A" 06/13/2013 09:42 AM SSL status: "SSLv3 flush data" 06/13/2013 09:42 AM SSL status: "SSLv3 read finished A" 06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully" 06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully" 06/13/2013 09:42 AM Cipher: name = CAMELLIA256-SHA; description = CAMELLIA256-SHA SSLv3 Kx=RSA Au=RSA Enc=Camellia(256) Mac=SHA1 ; bits = 256; version = TLSv1/SSLv3; 06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully" 06/13/2013 09:42 AM SSL status: "SSL negotiation finished successfully" |
|
|||
|
|||
My guess is that it is the cipher type or the encryption bit level. Do you know if there is a way to change those things in your webserver - I would probably have to rekey the cert too, not sure how all those pieces fit together. What webserver is running Commit's web interface? Is it something proprietary or something that would have some public documentation on its SSL features?
|
|
|||
|
|||
@lpopejoy, I use a godaddy cert also. My tech that I tasked with getting this going mentioned something about possibly goddady being an intermediate cert authority and not fully trusted in iOS. We were not able to get the page to load in any browser on iOS nor could we get it to load on desktops other than using IE.
I did find a link on the issue with a bit of googleing and plan to try this fix tomorrow to see if it works http://blogs.citrix.com/2010/01/20/h...ri-and-iphone/ However in normal circumstances with the above method my technicians tell me normally they would add the intermediate cert it self to the web server in IIS or exchange |
|
|||
|
|||
Since my certificate was overdue for renewal, I renewed it. Changed from md5 to sha1 just for fun - key length 2048. Same problem - but still Godaddy cert.
I agree with BDTECHRob - I think the issue is the intermediate cert. @commitsupport, could you give us some advice as to how to make your webserver work with intermediate certifcates? |
|
|||
|
|||
It seems like the problem is not happening on the server side but rather on the client side as from what we understand it does work well with other devices such as your PC (same server, same certificate).
In any case there aren't any additional control options at the server side. |
|
|||
|
|||
Guys it is an issue with the Web server and it only works on the pc using Internet Explorer. if you google the issue you will see there is a method to import the intermediate certificate into just about every Web server ever made. IIS Apache tomcat they all support this so your Web server should also. If this is to hard you shouldn't claim the system supports SSL as I have not only waisted money buying a certificate I have also spent over $1000 of billable time trying to make it work. Moving forward I would like to say that it will be absolutely necessary for me to use SSL to protect the sensitive data in my system.
|
|
|||
|
|||
Great news guys CommitCRM support have been able to solve this issue for us. I would like to express just how happy I am with CommitCRM support, I am truly glad that I made the decision to use CommitCRM for our business as there would not be another company in the world that strive so hard to support their user's. Well done guys for providing truly first class support system
|