Trusting Self-Signed Certificates in iOS 10

You asked what format my CA is in, not 100% sure but the file extension is .cer. Not sure how to tell beyond that. Are you installing this on an iPhone? Because I definitely do not have those options given to me when I click on the ***.cer file. So it must not be recognizing the file type or format?

I had the same issue with an account hosted by Dotster. They couldn't help -- basically were goggling the same 'fixes' we see here and other google-regurgitated tripe. Their cert was a COMODO cert with an expiration of 4/2019 (three year) so it's not like the cert was just renewed. My behavior started after the iOS 10.3 update.

And like a few of you, I'm a server herder from way back -- rolled my own many times. But iOS is wonky - and we forget that it 'remembers' crap unless we go to some effort to overwrite its mysteries. So I removed the account completely from the phone. When I re-entered the account using POP/SMTP and SSL, it gave no alert and allowed me to send successfully. I thought that was weird, but hey -- the account worked. That was fix #1.

I also noted on another account, when I deleted just the SMTP server -- walked all the way out of the settings, power-cycled the phone, then added the SMTP server back in fresh, it then gave me the alert that the cert wasn't trusted, but it ALSO gave me the option to manually trust with the red link. That was fix #2. So this is an iOS issue wherein the interface isn't consistent between settings a SMTP up fresh vs attempting to edit a pre-existing one.

I also played with another SMTP server that was broken like this, not removed from another phone, and it displays the same frustrating details screen MISSING the red TRUST link/button. All worked well when I used my first method on that account, too. Go figure.

An additional step is now required in iOS 10.3: You must go to General->About->Certificate Trust Settings and turn on the root CA you just installed.

Dear Apple: In my humble opinion (1) these settings do not belong in this totally non-intuitive place (2) the warning when installing the certificate implies turning this on is only necessary for web browsing, but it's necessary in general (3) mail app should NOT go into a spastic frenzy of pop-up panels indicating untrusted SSL certs when connecting to an imap server. #3 renders the iPhone unusable, and you can't even punch through to settings or anything else quickly enough. The panels never stop. Users have to be dexterous enough to quickly turn on airplane mode to regain access to the phone!

I did all of the above steps but when I click "Certificate Trust Settings" all I see is "Trust Store Version" and below a link that says "Learn more.." I even restarted my iPhone and still nothing. I can see the cert I just installed under "Profile" and it even says "Verified". But, when I go to the iOS Mail App and click Details at the "Cannot Verify.." popup it looks like the same cert but it says "Not Trusted", also the dates are different than the one I can see when I go to settings. How do I get the Mail App to recognise the cert I installed, am I doing something wrong?

Having the same problem on my iPad Pro with 10.3.3. Downloaded and installed my certificate and shows up in my profile as 'not verified' with no option to trust it. Does not show up under certificate trust settings either.

I have absolutely no problems with my i6s running 10.2.1 when my exchange email is set up the exact same way and I didn't even need to install my cert...

Try this:

- use another email account on the iPhone

- email the self signed (root) certificate to your mail account on the phone

- open the email and tap the attachment (cert)

- tap install on the top right hand corner and complete installation

Go back to Mail and Calendar settings to add your Exchange mail account. You should now be able to proceed.

So you're able to add Exchange mail account but unable to send encrypted mail? It sounds more like you're encrypting messages with self signed cert. I was talking about encrypting client/server connection with a (self signed) cert. Sorry, I don't encrypt email messages.

My mistake, sorry. Now I know why I mentioned "Exchange". Found another similar discussion at the following link (and they're using Exchange server). Some say iOS 10.1 fixed the problem. Others in that discussion said it didn't.

ios 10 with self-signed certificate in MS Exchange

Yes indeed someone mentioned Mac server 10.x. I know nothing about Macs so I can't comment.

Anyone know when/if this will be solved? I have the same issues.

Hi,

same problem here. Problem solved by buying a trusted ssl certificate. Costs about 30 Euros in Germany and takes about 15 min to get.

best

Alexander

Of course using (or buying) trusted SSL cert will pose no problem. I think Kevlar and vst2001 are hoping for a resolution to be able to keep using self signed SSL cert. Just like you, I'd spend a few bucks buying (publicly trusted) SSL cert to resolve it.