Apple Intelligence is now available on iPhone, iPad, and Mac!

⏺ Press release

⏺ Learn more

⏺ Watch the video

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Kevlar Author

Level 3

733 points

Trusting Self-Signed Certificates in iOS 10

It appears that Apple has removed (or hidden) the ability to trust SSL certificates that are self-signed.

We host our own mail server with a self-signed certificate and previously we could manually trust the certificate on iOS devices. Now, users get prompted that the certificate is not trusted, we can only see details or cancel, there's no longer an option to trust it. As a result, they have difficulty sending or receiving mail from the iOS 10 devices.

Anyone know a workaround for this?

Posted on Nov 7, 2016 8:48 AM

Top-ranking reply

altjxx

Level 1

14 points

Posted on Mar 31, 2017 11:16 AM

What fixed this issue from my iPhone for me was going to Settings -> General -> About -> Certificate Trust Settings, and there is a section called "ENABLE FULL TRUST FOR ROOT CERTIFICATES". Under it lists the certificate that I installed on my iPhone. Once I enabled that, I'm good to go.

View in context

52 replies

rherardi

Level 1

4 points

Dec 22, 2016 2:12 AM in response to Kevlar

The server name for the Mail account must match the server name in the certificate.

If the self-signed certificate worked in Mac OS X Server and now does not after upgrading iOS to 10.x, i.e., the certificate is no longer trusted and there is no option to accept it when the error is reported, the problem can be caused by a mismatch in the name of the server in the Mail account configuration and the certificate.

For example, if your DNS contains a CNAME, such as mail.mydomain.net and your certificate contains the actual server name, e.g., mymacserver.mydomain.net (the FQDN of the host), the problem can occur. In the foregoing example, simply change the server name in the Mail account configuration on the iOS device to match the server name in the certificate, i.e., mymacserver.mydomain.net in the above example.

Feb 13, 2017 10:00 AM in response to Kevlar

Really?

altjxx

Level 1

14 points

Mar 2, 2017 10:22 PM in response to Kevlar

same problem here. doesn't look like this is going to get resolved. might as well close this thread.

acidrop

Level 1

4 points

Mar 3, 2017 4:32 PM in response to Ophi

I'm on iOS 10.2.1 and I can verify that this was the only method to get the CA self signed certificate imported on my iPhone. Thank you!

Mar 3, 2017 4:34 PM in response to altjxx

Choose See Details and you should see an option to trust it.

Mar 27, 2017 6:11 AM in response to billardal

Hi Alexander... mind to share where did you buy the SSL certificate for 30€? I'd like to avoid to fork out 300USD per year for just 4-5 devices... Thanks

DLR

Level 3

697 points

Apr 1, 2017 8:05 PM in response to rherardi

This post described my situation of having mismatched server addresses. As soon as I changed the server address to match the one expected in the certificate, it was all good.

Thanks.