Exchange Self Signed Certificates (Trust Issues with iOS 11)
With the older iPhone iOS versions, accepting a self signed SSL certificate with a company's Exchange server was easily accomplished since you were allowed to "Continue" with the installation setup prompt during the email account setup process. For newer iOS (such as 11.4.1), a self signed certificate is "Not Trusted" therefore the account cannot be setup and will not be enabled by default. If a user restores their settings from their existing iPhone iCloud account, the Exchange settings appear to transfer without a problem, however, if a user is setting up their iPhone without an iCloud restore process or a new user is trying to setup their iPhone with an Exchange account with a self signed certificate, a "Trust" issue will occur. The following procedure worked for our environment as a workaround for using our internal Exchange server with a self signed SSL certificate.
- Remove the attempted (Not trusted) "Exchange" account from your new iPhone.
- Setup a personal pop email account on the new iPhone such as a gmail, yahoo, etc.
- Have your IT administrator "export" the self signed Exchange SSL certificate as a ".cer" file from the Exchange server and email it to the account listed in step 2. (Using Windows Server "Certification Authority" mmc)
- Open the email attachment on the iPhone and "Install" the certificate. Installing the certificate should appear as a "verified" certificate (green check mark) when it is installed properly on the iPhone.
- Navigate on the IPhone Settings > General > About > Certificate Trust Settings and turn on the "Enable full trust for root certificates" for the installed certificate from step 4.
- Reboot the iPhone (required)
- Go into the account settings on the iPhone and setup the Exchange account. The Exchange email account should process the setup without any issues.
iPhone X, iOS 11.4.1, Exchange Self Signed SSL Issues