Question: iOS 13 Self Signed SSL certificate updates in Mail
As everybody should know by now, the Mail app in iOS 13 will no longer support legacy SSL certificates using SHA1. Therefore old-time admins like me were awoken from our deep slumber to regenerate SSL certificates on legacy systems - like those running OS X Server 10.5. Yes, "5"; not "15".
I have generated new SHA256 certs with an RSA key of 2048 bits with a life of 825 days. I'm not sure if the ExtendedKeyUsage (EKU) extension containing the id-kp-serverAuth OID is implemented correctly, but the OID shows up when I read the certificate.
I'm having problems with iPhones updated to iOS 13.0 not being able to accept the newly generated certificates. The Mail app tells me, "Cannot Verify Server Identity" and gives me the choice of Cancel, Details, or Continue. In iOS 12.x, I could tap "Details" and then a detail screen would appear with a "Trust" link in the top right corner. Alas, tapping on "Details" has no effect. It will not open a detail screen.
I'm wondering if this is an issue with iOS 13 or if I'm missing something on the server side. What kind of request is iOS Mail sending the server to verify the SSL certificate and how does the server need to reply?
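
One way to check a regenerated certificate for the four properties listed in the question (SHA-256 signature, RSA key of at least 2048 bits, EKU containing id-kp-serverAuth, lifetime of at most 825 days), as an added example that is not part of the original post. It assumes OpenSSL 1.1.1 or later and GNU `date`; `check_cert`, `make_sample_cert` and the host name `mail.example.test` are hypothetical, and the sample certificates are constructed.

```shell
#!/bin/sh
# Added example: checks a PEM certificate for the four properties the question lists.
# Assumes OpenSSL 1.1.1 or later (for -addext) and GNU date (for date -d).

check_cert() {   # $1 = PEM certificate; returns 0 only if every check passes
    text=$(openssl x509 -in "$1" -noout -text) || return 2
    rc=0

    # Signature hash must be SHA-256, not SHA-1.
    printf '%s\n' "$text" | grep -q 'Signature Algorithm: sha256WithRSAEncryption' \
        || { echo "FAIL: signature algorithm is not sha256WithRSAEncryption"; rc=1; }

    # RSA modulus of at least 2048 bits.
    bits=$(printf '%s\n' "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: key size is ${bits:-unknown} bits"; rc=1; }

    # EKU must list id-kp-serverAuth, which OpenSSL prints by its long name.
    printf '%s\n' "$text" | grep -q 'TLS Web Server Authentication' \
        || { echo "FAIL: no ExtendedKeyUsage with id-kp-serverAuth"; rc=1; }

    # notBefore to notAfter must span at most 825 days.
    nb=$(openssl x509 -in "$1" -noout -startdate | cut -d= -f2)
    na=$(openssl x509 -in "$1" -noout -enddate | cut -d= -f2)
    days=$(( ($(date -d "$na" +%s) - $(date -d "$nb" +%s)) / 86400 ))
    [ "$days" -le 825 ] || { echo "FAIL: validity is $days days"; rc=1; }

    return "$rc"
}

# Constructed sample input: a self-signed certificate for a placeholder host name.
make_sample_cert() {   # $1 = output file, $2 = lifetime in days, $3 = EKU value (optional)
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days "$2" \
        -subj "/CN=mail.example.test" -keyout "$1.key" -out "$1" \
        ${3:+-addext} ${3:+"extendedKeyUsage=$3"} 2>/dev/null
}

if [ "$#" -gt 0 ]; then
    check_cert "$1"          # check the certificate file given on the command line
else
    tmp=$(mktemp -d)         # no argument: run against two constructed certificates
    make_sample_cert "$tmp/new.pem" 825 serverAuth
    make_sample_cert "$tmp/old.pem" 3650
    check_cert "$tmp/new.pem" && echo "new.pem: all four checks pass"
    check_cert "$tmp/old.pem" || echo "old.pem: rejected"
    rm -rf "$tmp"
fi
```

Run with the path of the server's PEM certificate as the only argument to check that file; the exit status is non-zero if any of the four checks fails.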