Import SecurityAppliance_SSL_CA into iOS Devices

Hi,

this is possible but you have to deal with couple of exceptions. 

Apple is not a fan of using https inspection.

There are couple of guides in the internet, just check out something like:

How to deploy secure SSL certificate to iOS?

Most of the time, only Safari will work. Apps etc. may or may not use cert pinning or may or may not use the CA cert at all... 

I would prefer not to use SSL inspection but our students are bypassing the web and application filters by running X-VPN and other VPN apps on their mobiles. Sophos has a number of application filter/definitions including X-VPN which do NOT work. 

I downloaded the CA from the Sophos appliance and emailed it to my iPhone. I get the following error:

Convert the certificate into the PEM file format -> change its extension into .crt and try again

it is a PEM file. I renamed it to .crt and .cer. None works. Same error.

Hi,

Where you able to import the sophos XG SSL cert into IOS device? I am having same issue with IPAD IOS Version 12.4.1, It seems that "trust the root certificate" setting is no longer available in new IOS versions. So far only way to import is if you have Apple Configurator 2 app (which runs on imac only) or MDM. For home, I got neither. 

I was able to important the SSL cert into WIndows computers and ANdroid phone, took me 5 minutes.

Hi,

I have imported the XG CA into iPad and iPhone, all running the latest versions of IOS 12.4.1.

Ian

Hi, thanks for the reply. Could you please share how you did it?

Hi,

I sent the p12 to myself and double clicked on it in the mail message.

Ian

Well I am able to send the .pem file to myself as well and import it using the Network Agent but that is as far as I can get. There is second step where you need to go into General > About > Certificate Trust Settings > to enable the CA. This option is no longer there. 

Ok. It seems there is now a 3 step process.

Open the SSL CA file > It will show you message "review the profile in settings app..." then go back to settings and under your name, you will see the "downloaded profile" click that, you then install the cert, then go back to General > About > Certificate Trust Settings > to enable the SSL cert.