User profile for user: schja01
schja01 Author
User level: Level 1
51 points

Email SSL Certificate not trusted after IOS 5 update (Rackspace Email)

I updated 2 Ipads to IOS 5.

Now both get popups when retrieving IMAP email over SSL.

It says the mail server certificate can't be trusted.

I can ignore the message but it is a pain as it happens frequently.

My email provider is Rackspace.

I contacted them and they say they have received multiple reports of this.

They asked me to do the following:

"We have had a few cases of this and tested on an IOS 5 device we have and had similar results. I am

going to get with our engineers to see if we can find any causes of this. Also if you can can you

see if you can contact apple to see if they are aware of any issues with IMAP, POP, and SMTP with

SSL. In our Case we use Equifax Secure eBusiness CA-1 Root Certificate."

Short of turning off SSL to fix this nusance is there any explanation why this is happening and

how to stop it?

Any insight appreciated,

J

Posted on Oct 13, 2011 11:23 AM

Reply
2 replies
User profile for user: coyled
coyled
User level: Level 1
10 points

Oct 13, 2011 2:25 PM in response to schja01

I believe this is because of a security update described in http://support.apple.com/kb/HT4999 :


"Impact: Support for X.509 certificates with MD5 hashes may expose users to spoofing and information disclosure as attacks improve"


"Description: Certificates signed using the MD5 hash algorithm were accepted by iOS. This algorithm has known cryptographic weaknesses. Further research or a misconfigured certificate authority could have allowed the creation of X.509 certificates with attacker controlled values that would have been trusted by the system. This would have exposed X.509 based protocols to spoofing, man in the middle attacks, and information disclosure. This update disables support for an X.509 certificate with an MD5 hash for any use other than as a trusted root certificate."


The SSL cert used by Rackspace at secure.emailsrvr.com uses MD5 signatures, which are no longer trusted in iOS 5. Rackspace would likely have to update their cert.

Reply
User profile for user: schja01
schja01 Author
User level: Level 1
51 points

Oct 13, 2011 3:30 PM in response to coyled

Coyled,

Thank you. You hit the nail on the head. Unfortunately Rackspace thinks it may be a monumental task to replace all their certificates. Not sure one way or the other. But thanks for the information. In the mean time I just reverted to IMAP without SSL. If or when Rackspace updates their certificates I will put it back on.

J

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Email SSL Certificate not trusted after IOS 5 update (Rackspace Email)

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up