Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 11 replies
  • Answers 1 answer
  • Subscribers 4 subscribers
  • Views 15741 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Deploy https certificate to iOS

collinsandlacy
We deploy an iOS configuration file to all of our iOS devices. Included in the iOS config file are our certificates from our CA. It includes a user certificate for Exchange authentication and authentication to our wireless via RADIUS. In all offices users automatically authenticate to the wireless from their iOS device.

We have also deployed the Proxy CA certificate from the UTM as we have the https filtering set to scan and decrypt on our wireless network. The https certificate is deployed to all of our laptops and works with no issues.

However, on the iOS devices we still get the warning that the site certificate cannot be verified and with some sites the navigation just stops. Has anyone else seen this or have any ideas on deploying this to an iOS device?


This thread was automatically locked due to age.
  • 0 in reply to mircevski

    Hi Folks

    Curiously, I looked at my e-mail using my iPhone 8 this morning, and after clicking on the Sophos Naked Security e-mail link to the article about a Raspberry Pi being blasted into space and sending back a video of the earth (who could resist a headline like that?) I was surprised to be presented with a site trust issue. Looking at my phone's settings (Settings -> General), I immediately spotted that the 'Profile' section was no longer populated with my [UTM generated] CA entry. I can't be sure when it was deleted, but my guess was that the recent update to iOS 12.4.1 was the culprit (to be honest, I thought I'd used the phone for www brosing since then, but I cannot be certain and that seems the most logical explanation for its demise). 

    Anyhow, whatever the reason for my CA deletion from its root store, when re-doing things I noticed that the path to the 'enabling it' section has very slightly changed from the one noted mircevskis's post, so just a brief note for anybody else who needs to re-import their CA in an iOS 12.4.1 iThing, it is now as described below (with the bold word highlighting the minor change):

    1. Download the cacert.pem file in the usual way (via entering http://passthrough.fw-notify.net/cacert.pem into Safari).

    2. Navigate to: Settings -> Profile <My downloaded CA> then at the top of that setting page, select the 'Install' option (then you'll be prompted for your iOS password) and after a couple more 'install' prompts, it'll eventually show it as being installed (and you'll see 'Verified' and a tick, both in a green font) so thus far, the process is the same as it previously was.

    3. Now you have to navigate to Settings -> General -> About -> Certificate Trust Settings (then toggle the switch to enable it).

    All the best to all!

    Bri :-)

Unfiltered HTML