Important note about SSL VPN compatibility for 20.0 MR1 with EoL SFOS versions and UTM9 OS. Learn more in the release notes.

Thread Info
  • State Not Answered
  • +3 person also asked this people also asked this
  • Locked Locked
  • Replies 6 replies
  • Subscribers 44 subscribers
  • Views 8267 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSL Certificate failure on iPhones, iOS10.2.

kaikieferle

Hello; This one seems tricky.

 

When iPhone 6 or later users running the latest iOS try to access their imap.gmail.com or imap.shaw.ca personal accounts they are getting a 'could not verify server' error. It appears the imap servers don't trust the certificate provided by Sophos.

 

Anyone else experienced this? It's only on the iPhone ( my android device works fine ).

 

More information:

We are not using the WAP protection services on the XG210 firewall we have.

It's only happening when... iPhone 6 or later, connected to our wifi access points (which are just plugged into our network), trying to access imap mail servers like imap.gmail.com or imap.shaw.ca.

I've attached screen shots of the details of the error message. I'm sorry, I'm not very good at interpreting them.



This thread was automatically locked due to age.
  • 0

    kaikieferle,

    We are not able to see the screenshot. Anyway if you enabled the HTTPS scanning on the firewall rules, you will need to import the certificate on your iPhone. I imported by accessing the XG > Certificate > download Certificate.

    From there, I am not having any issue with email on my iPhone (6s updated to latest firmware).

    Let us know.

  • 0 in reply to lferrara

    iam facing same issue , when i connect any ios device(vesion 12)  getting a pop up message " cannot verify server identity" .

    find attached screen shot here 

     

  • 0 in reply to lferrara

    iam facing same issue , when i connect any ios device(vesion 12)  getting a pop up message " cannot verify server identity" .

    find attached screen shot here 

     

  • 0 in reply to Nirmal Kannan

    Hi,

    your screen shot says it all, the XG certificate is not trusted.

    I ended up not using mail scanning, just a seperate rule for imap/s to allow iOS devices to receive mail.

    I must have another go at this under 12.1.2.

    Ian

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to rfcat_vk

    Update. I installed the certificate again and like you failure. I deleted the mail account and recreated it which then allowed me to trust the failing certificate. Now to try this on the iPad.

    Ian

     

    Further update: while mail now works without errors, I broke a number of websites because of https scanning. Not sure why because the the same websites work on the MBP through the same firewall rule. More work with certificates on the iPhone required before I complete the move.

    XG115W - v20.0.2 MR-2 - Home

    XG on VM 8 - v21 GA

    If a post solves your question please use the 'Verify Answer' button.

  • 0 in reply to Nirmal Kannan

    Firewall - 1. Auto added firewall - Malware scanning

    Turn Scan IMAP and scan IMAPS off 

     

    Certificate date (seemed to be) issued, probably, a year before you installed the firewall for the last time

     

Unfiltered HTML