iOS 11 - Changes to how untrusted certificates are presented to users


#1

With my testing for iOS 11 I’ve noticed that untrusted SSL certificates now require more input from the user, and Safari behaves a lot like Google Chrome.

Here are some examples:

iOS 10
User attempts to access a page with an untrusted SSL certificate

User just has to hit continue

iOS 11
User attempts to access a page with an untrusted SSL certificate

User now has to go to “Show Details” and click on “Visit this website”

You can test the scenarios yourself by using https://badssl.com. This site contains a number of examples of bad certificates that you can run through on the device.


#2

Just to add that on supervised devices, if one installs a Certificate payload via the Apple Configurator, the certificate is automatically marked as trusted in Settings / About / Certificate Trust Settings.


#3

Even on unsupervised devices, if a certificate is installed automatically, i.e. via Apple Configurator or MDM, it should automatically be set to trusted (as per the Apple iOS 11 keynote).


#4

I thought so too, but from my tests that doesn’t seem to be the case, at least not in the GM. Installing a root certificate payload on an unsupervised device does not activate full trust for that certificate. Maybe I’m missing something, not sure.


#5

Apple will soon distrust Symantec root certificates

You may get TLS errors if your web server/endpoint has a certificate issued by a distrusted CA.