I have the exact same issue as collinsandlacy did a few years ago. I have been using UTM for years, but I never bothered with HTTPS scanning until I got married and had a teenager move into the house. Now we need to ensure that things aren't being done that shouldn't be done.
With that said, I have enabled Decrypt and Scan, and I have imported the Web Filtering CA into my iPhone. Everything says that it installed properly, but I still cannot get to any modern search engine from my phone... https://www.google.com, https://www.bing.com, https://www.duckduckgo.com, etc., etc.
Any help with with HTTPS scanning and iOS would be GREATLY appreciated.
I am running UTM 9.51 and iOS 11.4.
Thank you!
I have the exact same issue as collinsandlacy did a few years ago. I have been using UTM for years, but I never bothered with HTTPS scanning until I got married and had a teenager move into the house. Now we need to ensure that things aren't being done that shouldn't be done.
With that said, I have enabled Decrypt and Scan, and I have imported the Web Filtering CA into my iPhone. Everything says that it installed properly, but I still cannot get to any modern search engine from my phone... https://www.google.com, https://www.bing.com, https://www.duckduckgo.com, etc., etc.
Any help with with HTTPS scanning and iOS would be GREATLY appreciated.
I am running UTM 9.51 and iOS 11.4.
Thank you!
Maybe my answer comes too late, but anyway.
It is NOT enough to import the certificate. After installing which is a simple click on the User Portal, import, confirm, etc ... you have to go to Settings -> General -> Information -> SCROLL TO THE BOTTOM ... last command should be “Configurations Certificate Trust” ... go in there and ENABLE it.
This did the trick for me.
Regards,
Hi mircevski
No, not at all too late; really rather astonishingly fortuitous timing, in fact! :-)
I did not need that additional step with my iPhone 4, but I have recently procured an iPhone 6 (£99 and it has a nice new screen) so I'm now on a current iOS version. Of course, one of the first things that I did was to add my dodgy CA, but I didn't even bother to then actually test it - I just assumed that it would be working - and then whilst doing my daily forum browse, I spotted your above tip. Anyhow, I just tried the iPhone browser and sure enough, it was not actually working, so I've performed the above additional step and all is now well. Thank you very much for posting that and as I say, it was mighty fine timing, too!
Kind regards,
Briain
Hi Folks
Curiously, I looked at my e-mail using my iPhone 8 this morning, and after clicking on the Sophos Naked Security e-mail link to the article about a Raspberry Pi being blasted into space and sending back a video of the earth (who could resist a headline like that?) I was surprised to be presented with a site trust issue. Looking at my phone's settings (Settings -> General), I immediately spotted that the 'Profile' section was no longer populated with my [UTM generated] CA entry. I can't be sure when it was deleted, but my guess was that the recent update to iOS 12.4.1 was the culprit (to be honest, I thought I'd used the phone for www brosing since then, but I cannot be certain and that seems the most logical explanation for its demise).
Anyhow, whatever the reason for my CA deletion from its root store, when re-doing things I noticed that the path to the 'enabling it' section has very slightly changed from the one noted mircevskis's post, so just a brief note for anybody else who needs to re-import their CA in an iOS 12.4.1 iThing, it is now as described below (with the bold word highlighting the minor change):
1. Download the cacert.pem file in the usual way (via entering http://passthrough.fw-notify.net/cacert.pem into Safari).
2. Navigate to: Settings -> Profile <My downloaded CA> then at the top of that setting page, select the 'Install' option (then you'll be prompted for your iOS password) and after a couple more 'install' prompts, it'll eventually show it as being installed (and you'll see 'Verified' and a tick, both in a green font) so thus far, the process is the same as it previously was.
3. Now you have to navigate to Settings -> General -> About -> Certificate Trust Settings (then toggle the switch to enable it).
All the best to all!
Bri :-)