Hello,
I'm not sure where to put this but here goes.
I have set up HTTPS scanning on my network and pushed both the SSL certificate and the CA certificate to the iOS devices. I installed the profile and made sure the certificates are trusted under root.
The problem that I have found is that some apps use a certificate pinned in the app itself and don't trust the Apple certificates on the device. The problem that then happens is that when the firewall decrypts the traffic and re-encrypts it, the certificate is now a Sophos certificate and the app will not communicate because the certificate does not match the one inside the app and it thinks that a man-in-the-middle attack is happening.
Some of the apps that I found that are not compatible are: Ring doorbell, Honeywell Home Connect, Genisys Credit Union, Flagstar Bank, and I am sure there are many others.
What can be done about this? I have a feeling that nothing can be done other than not using HTTPS scanning, and to me that leaves a major security hole in your network.
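An added example, not part of the original post and not Sophos code: a log triage that separates hostnames whose apps refuse the re-signed certificate (pinning, as described above) from devices that never trusted the scanning CA at all. The log layout, field names, hostnames and thresholds are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in a hypothetical key=value layout (not a real
# firewall's log format); map your own log fields onto these names.
SAMPLE_LOG = """\
src=10.0.0.21 sni=www.news.example action=decrypt result=ok
src=10.0.0.21 sni=api.doorbell.example action=decrypt result=client_alert alert=bad_certificate
src=10.0.0.21 sni=api.doorbell.example action=decrypt result=client_alert alert=bad_certificate
src=10.0.0.21 sni=api.doorbell.example action=decrypt result=client_alert alert=unknown_ca
src=10.0.0.22 sni=www.news.example action=decrypt result=ok
src=10.0.0.22 sni=api.doorbell.example action=decrypt result=client_alert alert=bad_certificate
src=10.0.0.30 sni=www.news.example action=decrypt result=client_alert alert=unknown_ca
src=10.0.0.30 sni=mail.example action=decrypt result=client_alert alert=unknown_ca
src=10.0.0.21 sni=updates.example action=passthrough result=ok
"""

# TLS alert descriptions a client sends when it refuses the server certificate.
CERT_ALERTS = {"bad_certificate", "unknown_ca", "certificate_unknown"}
FIELD = re.compile(r"(\w+)=(\S+)")

def is_rejection(rec):
    return rec.get("result") == "client_alert" and rec.get("alert") in CERT_ALERTS

def triage(log_text, min_conns=3, min_ratio=0.8):
    """Separate per-app certificate rejections from devices lacking the CA."""
    recs = [dict(FIELD.findall(line)) for line in log_text.splitlines()]
    recs = [r for r in recs
            if r.get("action") == "decrypt" and "sni" in r and "src" in r]
    # A device that completed any decrypted handshake trusts the scanning CA,
    # so its rejections of one particular host point at the app, not the device.
    trusting = {r["src"] for r in recs if r.get("result") == "ok"}
    total, refused = defaultdict(int), defaultdict(int)
    ca_missing = set()
    for r in recs:
        if r["src"] not in trusting:
            if is_rejection(r):
                ca_missing.add(r["src"])  # rejects every host: CA not trusted
            continue
        total[r["sni"]] += 1
        refused[r["sni"]] += is_rejection(r)
    pinned = {host: (refused[host], n) for host, n in total.items()
              if n >= min_conns and refused[host] / n >= min_ratio}
    return {"pinned": pinned, "ca_missing": sorted(ca_missing)}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
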