iOS 11 - Changes to how untrusted certificates are presented to users

daniil_michine · August 24, 2017, 2:43am

With my testing for iOS 11 I’ve noticed that the untrusted ssl certificates now require more inputs from the user and safari behaves a lot like Google chrome.

Here are some examples:

iOS 10
User attempts to access a page with an untrusted ssl certificate

User just has to hit continue

iOS 11
User attempts to access a page with an untrusted ssl certificate

User has to now go to show details, and click on “Visit this website”

You can test the scenarios yourself by using https://badssl.com this site contains a number of examples of bad certificates that you can run through on the device.

petar · September 13, 2017, 11:07am

Just to add that on supervised devices, if one installs a Certificate payload via the Apple Configurator, the certificate is automatically marked as trusted in Settings / About / Certificate Trust Settings.

daniil_michine · September 13, 2017, 10:33pm

Even on un-supervised devices if a certificate is installed automatically i.e. apple configurator or MDM it should automatically set to trusted (as per Apple iOS 11 keynote)

petar · September 18, 2017, 9:05am

I thought so too, but from my tests that doesn’t seem to be the case, at least not in the GM. Installing a root certificate payload on an unsupervised device does not activate full trust for that certificate. Maybe I’m missing something, not sure.

daniil_michine · July 20, 2018, 3:27am

Apple will soon distrust Symantec root certificates

You may get TLS errors if your web server/endpoint has a certificate issues by a distrusted CA