Some time ago I published a post that describes the new rules a certificate has to follow to be accepted by Apple’s current devices (iPhone, iPad, MacOS PCs). Besides some rules about algorithms and bit length, that are usually met by all certificate authorities, there are some requirements, you will probably not see at first view. A certificate generated later than July 1st 2019 must not be longer valid than 825 days and the certificate must contain the value “Server Authentication” (OID 220.127.116.11.18.104.22.168.1) as Extended Key Usage (EKU).
In my last post I mentioned that the IP Office certificate authority is able to create certificates that work with iPhones and other Apple devices. That was only half the truth, because only IP Office servers (Server Edition or Application Server) on at least release 22.214.171.124 create valid certificates.Continue reading