Hello dear community.
I faced some trouble with the iPhone: I moved a separate server from hardware to AWS Cloud with an SSL certificate from Register.com. It moved well, and the phone application continued to work with the new server without any problems. Then I installed a LoadBalancer (HAProxy and Stunnel) for it and moved the certificate with key from the Apache configs to the stunnel config. In the PC browser it continues to work well and shows me the blue field near the URL as trusted. But on the iPhone browser it shows just "Untrusted server certificate".
Is there any difference in the SSL certificate for stunnel and Apache? I understand that this is a very specific question, but would you have any ideas about it?
*Config of stunnel:*

cert = /usr/local/etc/stunnel/stunnel.pem
chroot = /usr/local/var/lib/stunnel/
setuid = nobody
setgid = nobody
pid = /stunnel.pid
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
debug = 7
output = stunnel.log

[https]
accept = 443
connect = 80
xforwardedfor=yes
TIMEOUTclose = 0

*Patch for stunnel* (needed to make "xforwardedfor=yes" work): http://haproxy.1wt.eu/download/patches/stunnel-4.22-xforwarded-for.diff
*# stunnel -version*

stunnel 4.22 on i686-pc-linux-gnu with OpenSSL 0.9.8b 04 May 2006
Threading:PTHREAD SSL:ENGINE Sockets:POLL,IPv6 Auth:LIBWRAP

Global options
debug = 5
pid = /usr/local/var/run/stunnel/stunnel.pid
RNDbytes = 64
RNDfile = /dev/urandom
RNDoverwrite = yes

Service-level options
cert = /usr/local/etc/stunnel/stunnel.pem
ciphers = AES:ALL:!aNULL:!eNULL:+RC4:@STRENGTH
key = /usr/local/etc/stunnel/stunnel.pem
session = 300 seconds
stack = 65536 bytes
sslVersion = SSLv3 for client, all for server
TIMEOUTbusy = 300 seconds
TIMEOUTclose = 60 seconds
TIMEOUTconnect = 10 seconds
TIMEOUTidle = 43200 seconds
verify = none

*# uname -a*

Linux domU-12-31-38-00-35-07 2.6.18-xenU-ec2-v1.0 #2 SMP Tue Feb 19 10:51:53 EST 2008 i686 athlon i386 GNU/Linux

*# openssl version*

OpenSSL 0.9.8b 04 May 2006
*And logs from stunnel when the iPhone tried to connect*

2009.08.04 08:20:16 LOG7[31023:3081598672]: https accepted FD=15 from 24.5.77.143:58019
2009.08.04 08:20:16 LOG7[31023:3081550736]: https started
2009.08.04 08:20:16 LOG7[31023:3081550736]: FD 15 in non-blocking mode
2009.08.04 08:20:16 LOG7[31023:3081550736]: TCP_NODELAY option set on local socket
2009.08.04 08:20:16 LOG7[31023:3081550736]: Waiting for a libwrap process
2009.08.04 08:20:16 LOG7[31023:3081550736]: Acquired libwrap process #0
2009.08.04 08:20:16 LOG7[31023:3081550736]: Releasing libwrap process #0
2009.08.04 08:20:16 LOG7[31023:3081550736]: Released libwrap process #0
2009.08.04 08:20:16 LOG7[31023:3081550736]: https permitted by libwrap from 24.5.77.143:58019
2009.08.04 08:20:16 LOG5[31023:3081550736]: https accepted connection from 24.5.77.143:58019
2009.08.04 08:20:16 LOG7[31023:3081550736]: SSL state (accept): before/accept initialization
2009.08.04 08:20:16 LOG7[31023:3081550736]: SSL state (accept): SSLv3 read client hello A
2009.08.04 08:20:16 LOG7[31023:3081550736]: SSL state (accept): SSLv3 write server hello A
2009.08.04 08:20:16 LOG7[31023:3081550736]: SSL state (accept): SSLv3 write certificate A
2009.08.04 08:20:16 LOG7[31023:3081550736]: SSL state (accept): SSLv3 write server done A
2009.08.04 08:20:16 LOG7[31023:3081550736]: SSL state (accept): SSLv3 flush data
2009.08.04 08:20:16 LOG3[31023:3081550736]: SSL_accept: Peer suddenly disconnected
2009.08.04 08:20:16 LOG5[31023:3081550736]: Connection reset: 0 bytes sent to SSL, 0 bytes sent to socket
2009.08.04 08:20:16 LOG7[31023:3081550736]: https finished (0 left)
Thank you in advance, Max
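A check added here for the question of whether the certificate setup differs between stunnel and Apache (editor's example, not Max's code and not stunnel's): it counts the certificate blocks in the PEM file stunnel is given and, separately, how many certificates the live endpoint on port 443 actually sends, so the two can be compared. The sample PEM content is constructed, the hostname argument and openssl being on PATH are assumptions, and whether a missing intermediate certificate explains the iPhone warning is an assumption the post itself does not establish.

```shell
#!/bin/sh
# Added example (not from the original post): compare the certificate chain
# stunnel is given in stunnel.pem with what the live port 443 endpoint sends.
# Assumptions: file layout (key + server cert + intermediates in one PEM),
# the hostname passed to served_chain_length, and openssl being on PATH.

# Count PEM certificate blocks in a file. stunnel treats the first one as the
# server certificate and any further ones as the chain it sends to clients,
# so a file holding a single certificate sends no intermediate at all.
count_chain_certs() {
    grep -c -- '-----BEGIN CERTIFICATE-----' "$1" || true
}

# True if a private key block is present (the posted config points key =
# at the same file as cert =).
has_private_key() {
    grep -q -- '-----BEGIN \(RSA \)\{0,1\}PRIVATE KEY-----' "$1"
}

# Number of certificates a live TLS endpoint sends in its handshake.
# Needs network access; compare the result with count_chain_certs on the file.
served_chain_length() {
    printf '' | openssl s_client -connect "$1:443" -showcerts 2>/dev/null \
        | grep -c -- '-----BEGIN CERTIFICATE-----' || true
}

# Constructed sample standing in for /usr/local/etc/stunnel/stunnel.pem:
# a key and one certificate, i.e. no intermediate appended.
make_sample_pem() {
    cat > "$1" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
PLACEHOLDER-KEY-BODY
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
PLACEHOLDER-SERVER-CERT-BODY
-----END CERTIFICATE-----
EOF
}

main() {
    f=${1:-${TMPDIR:-/tmp}/stunnel-sample.pem}
    [ -f "$f" ] || make_sample_pem "$f"
    n=$(count_chain_certs "$f")
    has_private_key "$f" && echo "key: present" || echo "key: MISSING"
    echo "certificates in file: $n (fewer than 2 means no intermediate is sent)"
}
main "$@"
```

Run it with the real path as the first argument, then call served_chain_length with the public hostname and compare the two counts.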