iOS 12 devices stop connecting to SHA-1 certificate MDM servers


#1

iOS 12 devices have completely stopped connecting to an MDM server that is using a SHA-1 self-signed certificate. Existing devices could not be managed, and new devices are unable to enroll.
Note that this certificate has full trust on the device as it was installed as a configuration profile during initial MDM enrollment profile.
iOS 11 announced deprecation of SHA-1 but clearly mentioned this wouldn’t disrupt user trusted certificates. On iOS 11, the devices were connecting fine. However, upgrading to iOS 12 has broken the connection.
Is anyone else facing this problem? Has anyone been made aware of this sudden change with iOS 12?


#2

Your MDM server has to adhere to the ATS criteria in order for the device to communicate.

Apple have announced during WWDC 2017 that they will be enforcing ATS for MDM in 2018.
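
Added example, not part of either post above: ATS requires server certificates to be signed with SHA-256 or stronger, so this Python check reads the signature-algorithm OID from an MDM server certificate (PEM or DER) and reports whether its hash passes that rule. The function names are hypothetical, the two sample byte strings are constructed DER skeletons rather than real certificates, and only the hash rule is checked (not key size or TLS version).

```python
import ssl

# Hash behind each certificate signature-algorithm OID (RFC 3279, RFC 4055, RFC 5758).
SIG_HASH = {
    "1.2.840.113549.1.1.4": "md5",
    "1.2.840.113549.1.1.5": "sha1", "1.2.840.10045.4.1": "sha1",
    "1.2.840.113549.1.1.11": "sha256", "1.2.840.10045.4.3.2": "sha256",
    "1.2.840.113549.1.1.12": "sha384", "1.2.840.10045.4.3.3": "sha384",
    "1.2.840.113549.1.1.13": "sha512", "1.2.840.10045.4.3.4": "sha512",
}
ATS_HASHES = {"sha256", "sha384", "sha512"}  # ATS: SHA-256 or stronger
# Constructed samples: empty tbsCertificate, signatureAlgorithm, empty signature.
SAMPLE_SHA1 = bytes.fromhex("3014 3000 300d 0609 2a864886f70d010105 0500 030100")
SAMPLE_SHA256 = bytes.fromhex("3014 3000 300d 0609 2a864886f70d01010b 0500 030100")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                    # long form: low bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def decode_oid(body):
    first = min(body[0] // 40, 2)
    arcs, val = [first, body[0] - 40 * first], 0
    for b in body[1:]:                   # base-128, high bit = "more bytes follow"
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def signature_hash(cert):
    """cert is PEM text or DER bytes. Returns (oid, hash), hash None if unmapped."""
    der = ssl.PEM_cert_to_DER_cert(cert) if isinstance(cert, str) else cert
    _, start, _ = read_tlv(der, 0)               # Certificate SEQUENCE
    _, _, tbs_end = read_tlv(der, start)         # skip tbsCertificate
    _, alg_start, _ = read_tlv(der, tbs_end)     # signatureAlgorithm SEQUENCE
    tag, oid_start, oid_end = read_tlv(der, alg_start)
    if tag != 0x06:
        raise ValueError("expected OID in signatureAlgorithm")
    oid = decode_oid(der[oid_start:oid_end])
    return oid, SIG_HASH.get(oid)

def meets_ats_hash_rule(cert):
    return signature_hash(cert)[1] in ATS_HASHES
```

Algorithms whose hash is carried in the parameters rather than the OID (RSASSA-PSS) are not in the table, so they come back as `None` and need a manual look.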