iPad (12.3.1) not trusting certificate even after root cert has been added

I have an iPad using software version 12.3.1 that doesn't seem to be accepting the certs that I install.

In the Certificate Trust Settings I've enabled my root certificate. Then when I open the ip in safari which has that cert I get a this cert is not trusted error and it says i can proceed or view the cert.

If i view the cert i can see that it is indeed the correct one and the same as installed on the ipad. how do i get rid of this error any help would be great.

EDIT Stupid me had the wrong CN, if you are using an ip address make sure you do not add the port to the CN as this will cause an error.


iOS 13 have increased the security regarding both CA (i.e. what you call root) and server certificates:

You must ensure that your root certificate satisfies the following requirements:

  • If you're using RSA, the key size must be at least 2048 bites.

  • The hash algorithm must be SHA-2, and not SHA-1.

In addition to the two requirements above, your server certificate must also satisfy the following requirement:

  • When used for TLS (as you do in Safari), the DNS name of the server must be in the Subject Alternative Name field

Note that this requirement also means that if you're requesting your web page using an IP-address instead of a name, then the IP address (without port number) should be listed in the SAN field.

And if the server was issued after the 1st of July 2019, also the following two requirements:

  • When used for TLS, the certificate must contain an ExtendedKeyUsage field with the id-kp-serverAuth OID (i.e. don't use a certificate listed as a client certificate, code signing certificate, email or VPN certificate, etc)

  • When used for TLS, the certificate must be valid for 825 days or fewer

You can read Apple's explanation of these new requirements here.


One work around I found while installing the certs for our internal CA, was to first save the file on my iCloud. And from iCloud it was the same setup as before I moved to iOS 13 (Profiles + Certificate Trust Settings).

Exact steps: 1) Send the certificates to my device and save/share them to iCloud. 2) From Files > iCloud Drive > typical Certificate Installation.

Hopefully it helps you guys.