iOS 11 - Changes to how untrusted certificates are presented to users

In my testing of iOS 11 I’ve noticed that untrusted SSL certificates now require more input from the user, and Safari behaves a lot like Google Chrome.

Here are some examples:

iOS 10
User attempts to access a page with an untrusted SSL certificate

User just has to hit continue

iOS 11
User attempts to access a page with an untrusted SSL certificate

User has to now go to show details, and click on “Visit this website”

You can test the scenarios yourself by using https://badssl.com. This site contains a number of examples of bad certificates that you can run through on the device.

Just to add that on supervised devices, if one installs a Certificate payload via the Apple Configurator, the certificate is automatically marked as trusted in Settings / About / Certificate Trust Settings.

Even on unsupervised devices, if a certificate is installed automatically, i.e. via Apple Configurator or MDM, it should automatically be set to trusted (as per the Apple iOS 11 keynote).

I thought so too, but from my tests that doesn’t seem to be the case, at least not in the GM. Installing a root certificate payload on an unsupervised device does not activate full trust for that certificate. Maybe I’m missing something, not sure.

Apple will soon distrust Symantec root certificates

You may get TLS errors if your web server/endpoint has a certificate issued by a distrusted CA.