HTTPS Decrypting / IOS

Hi @All,

I have problems getting HTTPS decryption working with all my iOS devices.
I configured a firewall rule for testing the HTTPS decryption, which (actually) has two devices in it: my desktop PC and my own iPhone.

Both devices have the Sophos CA certificate for HTTPS decryption imported. It is working normally on my desktop PC, but I cannot get it working on my iPhone. It always tells me for SSL sites that it has an untrusted certificate.

I also tried to create my own openssl-ca - same issue as with the Sophos CA Certificate. (desktop is working but not the iPhone)

Do you have any clues on that?

Thx for any help!



  • Hey @All,

    Does really no one have an idea? That's a really annoying problem, to be honest. Of course it's a private firewall, but it cracks me up that it isn't working and I do not know why.

    Thx for any answer!

  • Hi  

    Did you change the certificate extension to .cer or .crt and install it on your iOS device? This should be included in the keychain.

  • As stated in the first post, the iPhone already has the certificate imported.

    I tried all certificate-formats the iPhone supports - .cer, .crt, .pfx, .p12 (pfx converted via openssl)

    BR

  • Hi Florian,

    Since one of the last iOS versions, you need to activate full trust for your root certificate after installing it as a profile.

    You can find this menu here:

    Settings --> General --> Info --> Scroll down --> Certificate trust settings (my devices are not running in English, so I hope the translation is close to the original)

     

    If your certificate is not visible there, you need to create a new one with the correct CA extensions (and maybe stronger algorithms).

    I've used the following HowTo after I ran into this problem some weeks ago:

    jamielinux.com/.../introduction.html

     

    Best Regards

    Dom Nik
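A check for the "correct CA extensions (and maybe stronger algorithms)" point in the reply above, as an added example that is not part of the original thread or of the linked HowTo. The function names, file names and subject are constructed for illustration, and the thresholds (SHA-2 signature, RSA key of at least 2048 bits) are this example's assumption of what "stronger algorithms" means.

```shell
#!/bin/sh
# Added example: create a test root CA with explicit CA extensions, then
# verify that a given certificate carries them. All names are constructed.

make_test_ca() {
    # $1 = existing output directory; writes ca.cnf, ca.key and ca.crt there
    dir=$1
    cat > "$dir/ca.cnf" <<'EOF'
[ req ]
distinguished_name = dn
x509_extensions    = v3_ca
prompt             = no
[ dn ]
CN = Example HTTPS Inspection CA
[ v3_ca ]
basicConstraints     = critical, CA:TRUE
keyUsage             = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -new -nodes -newkey rsa:2048 -sha256 -days 365 \
        -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
}

check_ca_cert() {
    # $1 = PEM certificate; returns 0 only if every check passes
    text=$(openssl x509 -in "$1" -noout -text) || return 2
    rc=0
    echo "$text" | grep -q 'CA:TRUE' \
        || { echo "FAIL: basicConstraints CA:TRUE missing"; rc=1; }
    echo "$text" | grep -q 'Certificate Sign' \
        || { echo "FAIL: keyUsage keyCertSign missing"; rc=1; }
    echo "$text" | grep -Eiq 'Signature Algorithm: .*sha(256|384|512)' \
        || { echo "FAIL: signature is not SHA-2"; rc=1; }
    # Key-size check assumes an RSA key (assumption of this example)
    bits=$(echo "$text" | sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p' | head -n1)
    [ "${bits:-0}" -ge 2048 ] \
        || { echo "FAIL: public key is ${bits:-unknown} bits"; rc=1; }
    return $rc
}

# Usage: d=$(mktemp -d); make_test_ca "$d"; check_ca_cert "$d/ca.crt"
```

Running `check_ca_cert` against the certificate exported from the firewall before installing it on the phone shows whether it is a real CA certificate or was issued without the CA flag.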

  • Hi Dom,

    This was the decisive hint. I didn't know that I have to activate it specifically there.
    I imported the Sophos CA cert again, as my own CA cert (created exactly following the linked article) is not shown there. Maybe I'm missing something, but this is OK as long as the Sophos one is working now after I "activated" it to be fully trusted on my iPhone.

    Many, many thanks! 

    BR & have a nice weekend