Remove Root Certificate without access to MDM

If the certificate profiles are not visible and removable via Settings > VPN & Device Management, then your iPhone is seemingly supervised, and you’ll need to discuss this with the ex-employer IT, or submit proof of original purchase to Apple and have them clear this.

Thierer wrote:

1. settings/about/certificate trust settings house root certificates issued by third parties, but authenticated by Apple

i.e.

Juniper Networks Root CA

2. COMODO RSA Certification Authority...

These are legacy root certificates I would like to delete, though they are deselected.

There is no means to deselect a trusted root certificate within the Apple trust store.

Available trusted root certificates for Apple operating systems - Apple Support

Intro to certificate management for Apple devices - Apple Support

There is no Juniper Networks Root CA listed in the Apple docs (which are somewhat stale), though there is a Comodo RSA cert.

Which circles back to this being a supervised device, and with your options to remove the associated profiles (and reportedly with no management profiles loaded here), or to get the entity holding the supervisory lock to remove it, or to contact Apple with proof of purchase and get them to remove it.

Contact Apple Support. They’ll likely want proof of original purchase from Apple or an Apple authorized reseller as part of this.

Root certificates have nothing to do with MDM. An MDM profile will either be in Settings/General/VPN & Device Management or Settings/General/About Certificate Trust Settings, below the Trust store version and trust assent version. And if the phone is under MDM the certificate can’t be removed.

If you’re referring to the trust store, those are Apple certificates. Those are not modifiable by an end-user. Only Apple.