[CalendarServer-users] SOLVED: HTTPS-Problem

Georg Troska georg.troska at uni-dortmund.de
Thu Feb 19 03:48:13 PST 2009 

Dear Cyrille,

It's so easy.... so clear that I need nearly two days to understand...

The point is to tell iCal to accept the certificate. As I accepted it  
with my Browser and I saw that it was stored in apple service programm  
where the certs and keys (not sure about the english name) I thought  
every must be ok.

To tell iCal to accept the certs one has to open the SSL-Site with  
safari - not with firefox. When I had accepted the certs with safari  
everything in iCal was ok

Thanks you very much for the time you spent on this

Georg

P.S. maybe someone can add this iCal feature to the iCal-Howto on www.calendarserver.org

Am 19.02.2009 um 12:35 schrieb Cyrille Colin:

> Hi,
> i didn't use iCal.
> I try calendarserver to see if it can resolve our "calendar problem".
> Linux as server and thunderbird with lightning as client.
> About certificates, it's due to the file format pem or pkcs12 can
> contains both certificate and private key, but don't matter with your
> problem. I heard a lot about certificate with macos. I think you  
> need to
> import your certificate into the store (keychain). take a look here :
> http://www.stefanseiz.com/archives/2004/06/importing_a_self_signed_sslcertificate_into_your_mac_os_x_keychain.html
> hope this help.
>
>
> Le jeudi 19 février 2009 à 10:49 +0100, Georg Troska a écrit :
>> Hi Cyrille,
>> https in my browser works, https in leightning (debian calendar)  
>> works
>> as well. Kerberos authentication works as well (on browser and
>> leightning with https and http) I can connect with iCal but only when
>> I'm sending my Kerberos -Ticket unencrypted without https over http.
>> When trying to connect through https I get there Error message I
>> mentioned:
>>
>>>>>>> "The account information could not be found - Unexpected error
>>>>>>> at the
>>>>>>> secure name resoltion (Error -9813). The servername <name> is
>>>>>>> maybe
>>>>>>> incorrect "
>>
>> I my case the SSL-Cert and the private-key are stored in two  
>> different
>> files (with different priviliges but belonging by root). This is the
>> first time I heard of SSL Certs and Privatekey that are stored in one
>> file. From my point of view they are useless then ;-) But I have not
>> found information about that tool you mentioned.
>>
>> All Calendarclient programs except iCal ask if they my trust my
>> certificates. I believe if I could tell iCal to trust them everything
>> would be ok
>>
>> Do you use iCal as a client with https connection?
>>
>> Thanks a lot Georg
>> Am 19.02.2009 um 08:54 schrieb Cyrille Colin:
>>
>>> Oops, i didn't see the error was in ical .. are you sure your
>>> certificate common name is set to your server url ?
>>> https seems to work, to verify connect your server via a browser :
>>> https://xxx:8443/calendars/users/
>>>
>>>
>>> Le mercredi 18 février 2009 à 23:27 +0100, Georg Troska a écrit :
>>>> Hi,
>>>> Are you sure private and public keys are stored in the same file?
>>>>
>>>> Georg
>>>> Am 18.02.2009 um 22:19 schrieb Cyrille Colin:
>>>>
>>>>> hi,
>>>>> Self-signed certs works for me.
>>>>> I create it with
>>>>> createmake-ssl-cert /usr/share/ssl-cert/ssleay.cnf /calendar/ 
>>>>> certs/
>>>>> calendar.pem
>>>>> and set .plist :
>>>>>
>>>>>   <!-- Public key -->
>>>>>  <key>SSLCertificate</key>
>>>>>  <string>/calendar/certs/calendar.pem</string>
>>>>>
>>>>>  <!-- Private key -->
>>>>>  <key>SSLPrivateKey</key>
>>>>>  <string>/calendar/certs/calendar.pem</string>
>>>>>
>>>>> hope this help.
>>>>>
>>>>> On mer., 2009-02-18 at 21:18 +0100, Georg Troska wrote:
>>>>>> Hi,
>>>>>>
>>>>>>
>>>>>> ok maybe this is a better forum to ask this question
>>>>>>
>>>>>> Anfang der weitergeleiteten E-Mail:
>>>>>>
>>>>>>> Von: Georg Troska <georg.troska at uni-dortmund.de>
>>>>>>> Datum: 18. Februar 2009 15:08:13 MEZ
>>>>>>> An: calendarserver-dev at lists.macosforge.org
>>>>>>> Betreff: [CalendarServer-dev] HTTPS-Problem
>>>>>>>
>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> I have problems to get HTTPS running on the calendarserver.
>>>>>>> (Ubuntu-Intrepid)
>>>>>>> HTTP works fine now, but using HTTPS gives me an error-message  
>>>>>>> in
>>>>>>> iCal:
>>>>>>>
>>>>>>> "The account inforation could not be found - Unexpected error at
>>>>>>> the
>>>>>>> secure name resoltion (Error -9813). The servername <name> is
>>>>>>> maybe
>>>>>>> incorrect "
>>>>>>>
>>>>>>> (This is translated from german)
>>>>>>>
>>>>>>> I'm sure that HTTPS is running as I can reach it in the  
>>>>>>> Browser -
>>>>>>> authentication is running as well
>>>>>>>
>>>>>>> Thanks Georg
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> calendarserver-dev mailing list
>>>>>>> calendarserver-dev at lists.macosforge.org
>>>>>>> http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-
>>>>>>> dev
>>>>>>>
>>>>>>
>>>>>>
>>>>>> meanwhile I found out, that I have a logentry in /var/log/
>>>>>> system.log
>>>>>> on my client:
>>>>>> ---
>>>>>> Feb 18 21:14:01 regulus iCal[97893]: SMA: -[DAVRequest(Private)
>>>>>> translateSSLError:]: { -9813 }
>>>>>> Feb 18 21:14:01 regulus iCal[97893]: [DAVRequest  
>>>>>> _readStreamEvent]:
>>>>>> SecTrustEvaluate failed.  Failing with error: (null)
>>>>>> ---
>>>>>>
>>>>>>
>>>>>> putting this into google made me a bit nervous when I read
>>>>>> this: http://www.zimbra.com/forums/administrators/16397-caldav-issue-leopard.html
>>>>>>
>>>>>>
>>>>>> is it true that iCal cannot handle "selfmade SSL-Certs"? How  
>>>>>> can I
>>>>>> put
>>>>>> the cert on "always trust"?
>>>>>>
>>>>>>
>>>>>> I hope you can help. Thanks a lot
>>>>>> Georg
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> calendarserver-users mailing list
>>>>>> calendarserver-users at lists.macosforge.org
>>>>>> http://lists.macosforge.org/mailman/listinfo.cgi/calendarserver-users
>>>>>
>>
>>
>>
>>
>

Georg Troska
Experimentelle Physik IV
TU Dortmund
+49 231 755 3501

More information about the calendarserver-users mailing list