iPad (12.3.1) not trusting certificate even after root cert has been added

keychain ipad

I have an iPad using software version 12.3.1 that doesn't seem to be accepting the certs that I install.

In the Certificate Trust Settings I've enabled my root certificate. Then when I open the ip in safari which has that cert I get a this cert is not trusted error and it says i can proceed or view the cert.

If i view the cert i can see that it is indeed the correct one and the same as installed on the ipad. how do i get rid of this error any help would be great.

EDIT Stupid me had the wrong CN, if you are using an ip address make sure you do not add the port to the CN as this will cause an error.


iOS 13 have increased the security regarding both CA (i.e. what you call root) and server certificates:

You must ensure that your root certificate satisfies the following requirements:

  • If you're using RSA, the key size must be at least 2048 bites.

  • The hash algorithm must be SHA-2, and not SHA-1.

In addition to the two requirements above, your server certificate must also satisfy the following requirement:

  • When used for TLS (as you do in Safari), the DNS name of the server must be in the Subject Alternative Name field

Note that this requirement also means that if you're requesting your web page using an IP-address instead of a name, then the IP address (without port number) should be listed in the SAN field.

And if the server was issued after the 1st of July 2019, also the following two requirements:

  • When used for TLS, the certificate must contain an ExtendedKeyUsage field with the id-kp-serverAuth OID (i.e. don't use a certificate listed as a client certificate, code signing certificate, email or VPN certificate, etc)

  • When used for TLS, the certificate must be valid for 825 days or fewer

You can read Apple's explanation of these new requirements here.


One work around I found while installing the certs for our internal CA, was to first save the file on my iCloud. And from iCloud it was the same setup as before I moved to iOS 13 (Profiles + Certificate Trust Settings).

Exact steps: 1) Send the certificates to my device and save/share them to iCloud. 2) From Files > iCloud Drive > typical Certificate Installation.

Hopefully it helps you guys.

Related

Upload to iCloud Photos without adding to Recents album?
On a MacOS machine, is there any risk or trouble I'll encounter if I put some of my documents into a path that's not under my home ~ directory
Airdrop option not showing Finder in mac
What effect does upgrading RAM or the Processor have on the performance of a computer? [duplicate]
How to modify the transmit queue length (buffer) of the network interface
Sidecar not working with Ipad Pro 2018, Macbook Pro 2016
Will airdropping FCPX to another computer work?
10.15 Catalina - Not showing Sync Mark on Finder
Will an iPhone XR purchased in India work with US service providers?
Why is my iPhone transmitting in airplane mode?
Apple mail matching signatures with account aliases possible?
How can I alter the default behavior of iTunes 10.7 to suppress some UI elements like the store?