This article provides details about changes regarding SSL security introduced with Apple iOS 13 and iPad OS 13
Applies to the following Sophos product(s) and version(s)
Not product specific
Operating systems iOS 13, iPadOS 13
With iOS 13 Apple increased the SSL certificate requirements which must be met when establishing a TLS connection.
An iOS device will only establish a connection, if the certificates fulfills these conditions:
Additionally, all TLS server certificates issued after July 1, 2019 (as indicated in the NotBefore field of the certificate) must follow these guidelines:
Connections to TLS servers violating these new requirements will fail and may cause network failures, apps to fail, and websites to not load in Safari in iOS 13.
If the Sophos Mobile server used to manage iOS devices is still using a self-signed certificate created by the Sophos Mobile setup, the SSL certificate must be exchanged with an officially signed certificate matching the requirements by Apple.
Otherwise, devices updated to iOS 13 will not synchronize anymore with the Sophos Mobile server.
How to identify if the Sophos Mobile server is using a self-signed certificate
To verify if the Sophos Mobile server is using a self-signed certificate you can use external SSL check tools like SSL Checker.
Enter the URL of your Sophos Mobile Server and perform the check.
If the following error message is shown a self-signed certificate is most-likely used on the Sophos Mobile server:
The certificate is not trusted in all web browsers. You may need to install an Intermediate/chain certificate to link it to a trusted root certificate.
If the Issuer field shows MDM CA a self-signed certificate created by the Sophos Mobile Configuration Wizard is used
NOTE: Depending on the network configuration different SSL certificates might be used if e.g. a Web Application Firewall is used to act as an SSL endpoint.
How to renew the SSL certificate
Details how to renew the SSL certificate can be found in this knowledgebase article.
Sophos Mobile: How to update Sophos Mobile Control server SSL certificate
Related information / See also
Requirements for trusted certificates in iOS 13 and macOS 10.15 (Apple website)
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. For technical support post a question to the community. Or click here for new feature/product improvements. Alternatively for paid/licensed products open a support ticket.