You can make a difference in the Apple Support Community!

When you sign up with your Apple Account, you can provide valuable feedback to other community members by upvoting helpful replies and User Tips.

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Trusting Self-Signed Certificates in iOS 10

It appears that Apple has removed (or hidden) the ability to trust SSL certificates that are self-signed.


We host our own mail server with a self-signed certificate and previously we could manually trust the certificate on iOS devices. Now, users get prompted that the certificate is not trusted, we can only see details or cancel, there's no longer an option to trust it. As a result, they have difficulty sending or receiving mail from the iOS 10 devices.


Anyone know a workaround for this?

Posted on Nov 7, 2016 8:48 AM

Reply
Question marked as Top-ranking reply

Posted on Mar 31, 2017 11:16 AM

What fixed this issue from my iPhone for me was going to Settings -> General -> About -> Certificate Trust Settings, and there is a section called "ENABLE FULL TRUST FOR ROOT CERTIFICATES". Under it lists the certificate that I installed on my iPhone. Once I enabled that, I'm good to go.

52 replies

Dec 22, 2016 2:12 AM in response to Kevlar

The server name for the Mail account must match the server name in the certificate.


If the self-signed certificate worked in Mac OS X Server and now does not after upgrading iOS to 10.x, i.e., the certificate is no longer trusted and there is no option to accept it when the error is reported, the problem can be caused by a mismatch in the name of the server in the Mail account configuration and the certificate.


For example, if your DNS contains a CNAME, such as mail.mydomain.net and your certificate contains the actual server name, e.g., mymacserver.mydomain.net (the FQDN of the host), the problem can occur. In the foregoing example, simply change the server name in the Mail account configuration on the iOS device to match the server name in the certificate, i.e., mymacserver.mydomain.net in the above example.

Trusting Self-Signed Certificates in iOS 10

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.