25 Sep
2015
25 Sep
'15
10:01 a.m.
Hi,
My problem with the Macs is figuring out what they do not like about the server certificate.
can you provide your server cert? Macs will care about things like is it SHA1 or SHA256 (and not MD5) - is the CA SHA1 or SHA256 too? does the server cert have CA = false or can the server cert be a CA too? (CA = True) - ie no contraints does the server cert have a Common Name and a SubjectAltName by the way? it could be TLS negoitation failing - if the cipher method is DH-based - whats the size of your DH key - needs to be 1024bit or more start with those alan