iOS13 Beta / iOS13 requirements TLS Certificate

this post is about this link iOS 13 requirements TLS Server Certificate and two questions that bother me currently.

First of, can anyone tell me, if a SHA2 signature is required only for my server certificate and it's issuing CA cert or does every certificate in the chain of trust need to be signed with SHA2?

My Situation: Trusted Root CA cert (SHA1) -> Intermediate CA cert (SHA256) -> my.domain.com cert (SHA256)

And my second question is, if anyone has already installed the iOS 13 Beta and could tell me, if there were changes in the trusted root certificates until now? I especially want to know, if the GlobalSign Root CA R1-SHA1 was removed. I don't think so, becaus it'll be valid until somwhere around 2028 but I don't want to build something up on my believes, if I can have facts.

If you have any insight on that, I'd really appreciate your input here.

Thanks in advance guys


Solution 1:

I cannot confirm but the article you a referring to states very clearly its only for Server and Issuing Certificates. In other words SHA-1 Root certificates are not impacted.