"Install client certificate in iOS 13 and later" v18 MR1 not working

Hi everyone

"Install client certificate in iOS 13 and later"-Link is not working. Can anyone confirm? I want to get email protection working on my iphone in legacy mode. 



  • In reply to Keyur:


    I already did! As far as I know, there's still no solution to the problem. As soon as I activate IMAP and POP3 scanning, the message "Cannot Verify Server Identitiy" pops up. So, can someone help?

    Best regards!

  • In reply to r0cknroll:

    Did you regenerate the Appliance Cert and the SSL Cert and deployed the new cert into the Client? 

    Be careful, it will be needed to redo all the imports. 

  • In reply to r0cknroll:


    I was very pleased when I enabled mail scanning in MR-1 for the short time it worked that my mail scanning worked.But now waiting for the a new MR-X


  • In reply to rfcat_vk:

    It seems to work for IMAPS on iCloud mail and 3rd party accounts now.

    But SMTPS in transparent/legacy mode still alerts that the servers‘ identity cannot be verified.

    I‘m using a self created Root CA for years now and https Scanning etc. is working fine with XG.

    Which steps to fix the Mail scanning would be necessary in this case? (the info I found is always about certs created by the XG itself which do not fulfill the new Apple requirements)

    Best Regards


  • In reply to Dom Nik:

    Hi Dom,

    back on v18 MR-1 and mail is working without any intervention on the MBP. On the iPad I removed the existing profile and mail account and restarted the iPad. Added the imap/smtp mail account then installed the Sophos CA which I trusted. Now in the past this has not worked that well because the initial installation test worked, so I will be testing again in about an hour to see if the trust is maintained.



    Update: still working sometime later, but broke three applications which still don't work correctly after a restart.

    Further update, mail still scanning correctly, but 3 applications do not like https scanning on the iPad, fine on the MBP using the same firewall rule and CA.

    Moved the iPad application access into a none https scanning rule while still scanning mail.

  • In reply to rfcat_vk:

    Many things now keep breaking that were working for most of the day.

    Still watching and testing.


  • In reply to rfcat_vk:

    Hi folks,

    after a period of using a patched v18 mr-1 i have found an issue with the certificates but it is not really an XG issue but more a linked MBP, iPad and iPhone. The iPad appears to cause the password from the mail account on the MBP to be deleted, so for the moment I have removed my mail account from the iPad to see if that stops my map mail from failing.

    Looks like webmail on the iPad for awhile.

    This little issue has had me puzzled for awhile.