iOS 18 has new issue with self signed SSL certificate

Community Apple Developers
TallPGR
TallPGR OP
Created Sep ’24
Replies 18
Boosts 14
Views 6.4k
Participants 17

After updating my iPad 11 Pro to iOS 18, Apple’s email client now refuses to honor the self signed certificate I use for my IMAP server with the error ‘Unable to create a secure connection to the server ("bad certificate format" -9,808).’ Clients on other platforms such as Android, Windows, Linux and Solaris work fine. iOS 17 email accepted the certificate chain without error.

I imported my CA root certificate into the iOS trust store and enabled root certificate trust for it, and still cannot get past this error.

The certificates were generated with OpenSSL utilities version 1.1.1w.

Anyone have insight into a more detailed meaning for that error code, or a pointer to a tool that will identify what is offensive with my certificate to iOS. This is a high priority for me.

Thanks.

Replies  18
Boosts  14
Views  6.4k
Participants  17
Vic2025
Vic2025 OP
Jan ’25

Same here. Before deleting the account and restarting the iphone worked until iOS18. Update to iOS18.2.1 has not solved the issue.

0
joshuanathanson
joshuanathanson OP
Feb ’25

I was finally able to get this fixed with the help of the following link:

On your server: create a self-signed SSL Certificate with SubjectAltName(SAN) https://gist.github.com/KeithYeh/bb07cadd23645a6a62509b1ec8986bbc

Once you do that, point your imap server (dovecot in my case) to that new cert.

Then, email the cert file to yourself, open it in your phone, and download it.

On your phone, open the Files app and find the file. When you open it, you'll be asked if you want to install. Go ahead and do that. It will say something like "View Profile in Settings" so open Settings; you should see it there, click it and follow the instructions.

You should then see the cert in the Settings -> About -> Certificate Trust Settings area.

For me, I had to restart my phone to see the toggle switch to enable full trust for root certificates.

Finally, I was able to get my email! Hooray!

0
PenguinAdLitem
PenguinAdLitem OP
Feb ’25

Same problem, but I may have a workaround.

My old certificate used wildcard SANs. I have just updated with a new certificate using NO wildcards. I then added a new account, and it allowed me to trust the new certificate. I have to test to see if this is actually working for that account, now, and if it fixed the other accounts that use the same certificate. But at least it's progress.

0
iOS 18 has new issue with self signed SSL certificate
First post date Last post date
 
 
Q