iOS 11 - Changes to how untrusted certificates are presented to users

daniil_michine · 2017-08-23 06:15:31 UTC

With my testing for iOS 11 I’ve noticed that the untrusted ssl certificates now require more inputs from the user and safari behaves a lot like Google chrome.

Here are some examples:

iOS 10
User attempts to access a page with an untrusted ssl certificate

User just has to hit continue

iOS 11
User attempts to access a page with an untrusted ssl certificate

User has to now go to show details, and click on “Visit this website”

You can test the scenarios yourself by using https://badssl.com this site contains a number of examples of bad certificates that you can run through on the device.

petar · 2017-09-13 11:07:36 UTC

Just to add that on supervised devices, if one installs a Certificate payload via the Apple Configurator, the certificate is automatically marked as trusted in Settings / About / Certificate Trust Settings.

daniil_michine · 2017-09-13 22:33:48 UTC

Even on un-supervised devices if a certificate is installed automatically i.e. apple configurator or MDM it should automatically set to trusted (as per Apple iOS 11 keynote)

petar · 2017-09-18 09:05:29 UTC

I thought so too, but from my tests that doesn’t seem to be the case, at least not in the GM. Installing a root certificate payload on an unsupervised device does not activate full trust for that certificate. Maybe I’m missing something, not sure.

daniil_michine · 2018-07-20 03:27:36 UTC

Apple will soon distrust Symantec root certificates

You may get TLS errors if your web server/endpoint has a certificate issues by a distrusted CA