Dear Cyrille, It's so easy.... so clear that I need nearly two days to understand... The point is to tell iCal to accept the certificate. As I accepted it with my Browser and I saw that it was stored in apple service programm where the certs and keys (not sure about the english name) I thought every must be ok. To tell iCal to accept the certs one has to open the SSL-Site with safari - not with firefox. When I had accepted the certs with safari everything in iCal was ok Thanks you very much for the time you spent on this Georg P.S. maybe someone can add this iCal feature to the iCal-Howto on www.calendarserver.org Am 19.02.2009 um 12:35 schrieb Cyrille Colin:
Hi, i didn't use iCal. I try calendarserver to see if it can resolve our "calendar problem". Linux as server and thunderbird with lightning as client. About certificates, it's due to the file format pem or pkcs12 can contains both certificate and private key, but don't matter with your problem. I heard a lot about certificate with macos. I think you need to import your certificate into the store (keychain). take a look here : http://www.stefanseiz.com/archives/2004/06/importing_a_self_signed_sslcertif... hope this help.
Le jeudi 19 février 2009 à 10:49 +0100, Georg Troska a écrit :
Hi Cyrille, https in my browser works, https in leightning (debian calendar) works as well. Kerberos authentication works as well (on browser and leightning with https and http) I can connect with iCal but only when I'm sending my Kerberos -Ticket unencrypted without https over http. When trying to connect through https I get there Error message I mentioned:
> "The account information could not be found - Unexpected error > at the > secure name resoltion (Error -9813). The servername <name> is > maybe > incorrect "
I my case the SSL-Cert and the private-key are stored in two different files (with different priviliges but belonging by root). This is the first time I heard of SSL Certs and Privatekey that are stored in one file. From my point of view they are useless then ;-) But I have not found information about that tool you mentioned.
All Calendarclient programs except iCal ask if they my trust my certificates. I believe if I could tell iCal to trust them everything would be ok
Do you use iCal as a client with https connection?
Thanks a lot Georg Am 19.02.2009 um 08:54 schrieb Cyrille Colin:
Oops, i didn't see the error was in ical .. are you sure your certificate common name is set to your server url ? https seems to work, to verify connect your server via a browser : https://xxx:8443/calendars/users/
Le mercredi 18 février 2009 à 23:27 +0100, Georg Troska a écrit :
Hi, Are you sure private and public keys are stored in the same file?
Georg Am 18.02.2009 um 22:19 schrieb Cyrille Colin:
hi, Self-signed certs works for me. I create it with createmake-ssl-cert /usr/share/ssl-cert/ssleay.cnf /calendar/ certs/ calendar.pem and set .plist :
<!-- Public key --> <key>SSLCertificate</key> <string>/calendar/certs/calendar.pem</string>
<!-- Private key --> <key>SSLPrivateKey</key> <string>/calendar/certs/calendar.pem</string>
hope this help.
On mer., 2009-02-18 at 21:18 +0100, Georg Troska wrote:
Hi,
ok maybe this is a better forum to ask this question
Anfang der weitergeleiteten E-Mail:
> Von: Georg Troska <georg.troska@uni-dortmund.de> > Datum: 18. Februar 2009 15:08:13 MEZ > An: calendarserver-dev@lists.macosforge.org > Betreff: [CalendarServer-dev] HTTPS-Problem > > > Hi, > > I have problems to get HTTPS running on the calendarserver. > (Ubuntu-Intrepid) > HTTP works fine now, but using HTTPS gives me an error-message > in > iCal: > > "The account inforation could not be found - Unexpected error at > the > secure name resoltion (Error -9813). The servername <name> is > maybe > incorrect " > > (This is translated from german) > > I'm sure that HTTPS is running as I can reach it in the > Browser - > authentication is running as well > > Thanks Georg > > > _______________________________________________ > calendarserver-dev mailing list > calendarserver-dev@lists.macosforge.org > http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver- > dev >
meanwhile I found out, that I have a logentry in /var/log/ system.log on my client: --- Feb 18 21:14:01 regulus iCal[97893]: SMA: -[DAVRequest(Private) translateSSLError:]: { -9813 } Feb 18 21:14:01 regulus iCal[97893]: [DAVRequest _readStreamEvent]: SecTrustEvaluate failed. Failing with error: (null) ---
putting this into google made me a bit nervous when I read this: http://www.zimbra.com/forums/administrators/16397-caldav-issue-leopard.html
is it true that iCal cannot handle "selfmade SSL-Certs"? How can I put the cert on "always trust"?
I hope you can help. Thanks a lot Georg
_______________________________________________ calendarserver-users mailing list calendarserver-users@lists.macosforge.org http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
Georg Troska Experimentelle Physik IV TU Dortmund +49 231 755 3501